CVE-2020-13224 - OpenCVE

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Nc210 Nc200 Nc260 Firmware Nc230 Firmware Nc250 Nc200 Firmware Nc250 Firmware Nc450 Nc220 Nc230 Nc220 Firmware Nc260 Nc210 Firmware Nc450 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:nc200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:nc210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:nc220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:nc230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tp-link:nc260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tp-link:nc450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html	Exploit Third Party Advisory VDB Entry
https://www.tp-link.com/us/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-17T12:13:36

Updated: 2020-06-17T12:13:36

Reserved: 2020-05-20T00:00:00

Link: CVE-2020-13224

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-17T13:15:11.210

Modified: 2020-06-24T14:57:16.043

Link: CVE-2020-13224

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-17T12:13:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tp-link.com/us/security"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tp-link.com/us/security", "refsource": "MISC", "url": "https://www.tp-link.com/us/security"}, {"name": "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13224", "datePublished": "2020-06-17T12:13:36", "dateReserved": "2020-05-20T00:00:00", "dateUpdated": "2020-06-17T12:13:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7C6FD-2B67-425B-9D48-630FEDC538BE", "versionEndIncluding": "2.1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "1856BF12-5B8B-460C-951D-B48DAEFE93F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "91D46128-D59C-42A9-B61D-44EA99537561", "versionEndIncluding": "1.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*", "matchCriteriaId": "32E1DC59-F58C-4FB4-A3C0-9A4F8290F8E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5FD1508-2403-4086-B707-C9EEBDAC9B6D", "versionEndIncluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*", "matchCriteriaId": "09A89384-FA35-492D-B25D-434A049D3A13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc230_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36109B57-6864-4742-AE6B-F00B68040CA2", "versionEndIncluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EDB6A57-0D56-43D2-8D36-EC841D9A7FED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1880A8F-EFF4-49EC-8B49-1A01A8FD5F52", "versionEndIncluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C6A3B4E-F357-4E9F-A799-E58E0D593F19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A321BB22-14B8-4A7C-AE2A-2406079EADE3", "versionEndIncluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F82284F-1244-45BC-9F38-956219905C97", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:nc450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C98B9E3F-71C6-4C80-89B3-22B675BDE87C", "versionEndIncluding": "1.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*", "matchCriteriaId": "71C122A0-FEC3-4482-A55D-09FA03A47F56", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow"}, {"lang": "es", "value": "Dispositivos TP-LINK NC200 versiones hasta 2.1.10 build 200401, dispositivos NC210 versiones hasta 1.0.10 build 200401, dispositivos NC220 versiones hasta 1.3.1 build 200401, dispositivos NC230 versiones hasta 1.3.1 build 200401, dispositivos NC250 versiones hasta 1.3.1 build 200401, dispositivos NC260 versiones hasta 1.5.3 build_200401, y los dispositivos NC450 versiones hasta 1.5.4 build 200401, presentan un desbordamiento de b\u00fafer"}], "id": "CVE-2020-13224", "lastModified": "2020-06-24T14:57:16.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-17T13:15:11.210", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158115/TP-LINK-Cloud-Cameras-NCXXX-Stack-Overflow.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/security"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}