Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Tp-link
  • Nc210
  • Nc200
  • Nc260 Firmware
  • Nc230 Firmware
  • Nc250
  • Nc200 Firmware
  • Nc250 Firmware
  • Nc450
  • Nc220
  • Nc230
  • Nc220 Firmware
  • Nc260
  • Nc210 Firmware
  • Nc450 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc200_firmware:2.1.9:200225:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:tp-link:nc210_firmware:1.0.3:160229:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc210_firmware:1.0.4:160412:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc210_firmware:1.0.9:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.3.0:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:tp-link:nc230_firmware:1.0.3:160108:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc230_firmware:1.2.1:170515:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc230_firmware:1.3.0:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:tp-link:nc250_firmware:1.0.8:160108:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc250_firmware:1.0.10:160321:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc250_firmware:1.2.1:170515:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc250_firmware:1.3.0:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.4.1:180720:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.5.0:181123:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.5.2:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:tp-link:nc450_firmware:1.0.15:160920:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.3.4:171130:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.5.3:200304:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/157532/TP-LINK-Cloud-Cameras-NCXXX-Hardcoded-Encryption-Key.html Exploit Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2020/May/3 Exploit Mailing List Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-04T13:49:45

Updated: 2020-05-04T18:06:17

Reserved: 2020-04-23T00:00:00

Link: CVE-2020-12110

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-05-04T14:15:13.277

Modified: 2020-05-12T14:54:19.933

Link: CVE-2020-12110

JSON object: View

cve-icon Redhat Information

No data.

CWE