Vulnerability Description
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Nc200 Firmware | 2.1.6 |
| Tp-Link | Nc200 | - |
| Tp-Link | Nc210 Firmware | 1.0.3 |
| Tp-Link | Nc210 | - |
| Tp-Link | Nc220 Firmware | 1.2.0 |
| Tp-Link | Nc220 | - |
| Tp-Link | Nc230 Firmware | 1.0.3 |
| Tp-Link | Nc230 | - |
| Tp-Link | Nc250 Firmware | 1.0.8 |
| Tp-Link | Nc250 | - |
| Tp-Link | Nc260 Firmware | 1.0.5 |
| Tp-Link | Nc260 | - |
| Tp-Link | Nc450 Firmware | 1.0.15 |
| Tp-Link | Nc450 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-HardcodeExploitThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/May/3ExploitMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-HardcodeExploitThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/May/3ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2020-12110?
CVE-2020-12110 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, N...
How severe is CVE-2020-12110?
CVE-2020-12110 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12110?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Nc200 Firmware, Tp-Link Nc200, Tp-Link Nc210 Firmware, Tp-Link Nc210, Tp-Link Nc220 Firmware.