Nc450 Firmware
CVE-2020-11445
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
AnalysisAI
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Affected products include: Tp-Link Nc450 Firmware, Tp-Link Nc260 Firmware, Tp-Link Nc250 Firmware, Tp-Link Nc230 Firmware, Tp-Link Nc220 Firmware. Version information: through 2020.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nc450 Firmware
View allCertain TP-Link devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
Certain TP-Link devices have a Hardcoded Encryption Key. Rated critical severity (CVSS 9.8), this vulnerability is remot
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.
Certain TP-Link devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 thro
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today