CVE-2021-4045
Summary
| CVE | CVE-2021-4045 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-10 17:44:00 UTC |
| Updated | 2022-09-30 14:46:00 UTC |
| Description | TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Tp-link | Tapo C200 | - | All | All | All |
| Operating System | Tp-link | Tapo C200 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TP-Link Tapo c200 1.1.15 Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| TP-LINK Tapo C200 remote code execution vulnerability | INCIBE-CERT | CONFIRM | www.incibe-cert.es | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Víctor Fresco Perales
There are currently no legacy QID mappings associated with this CVE.