← Back

CVE-2020-12109

nvd nist
Published: May 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Affected (24)

Tp Link
7 products
Nc200 Firmware
Nc210 Firmware
Nc220 Firmware
Nc230 Firmware
Nc250 Firmware
Nc260 Firmware
Nc450 Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc200 Firmware
Version 2.1.6 160108_b
Nc200 Firmware
Version 2.1.9 200225
Running on/withPlatform Versions
Tp Link
Nc200
All versions
Configuration B
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc210 Firmware
Version 1.0.3 160229
Nc210 Firmware
Version 1.0.4 160412
Nc210 Firmware
Version 1.0.9 200304
Running on/withPlatform Versions
Tp Link
Nc210
All versions
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc220 Firmware
Version 1.2.0 170516
Nc220 Firmware
Version 1.3.0 180105
Nc220 Firmware
Version 1.3.0 200304
Running on/withPlatform Versions
Tp Link
Nc220
All versions
Configuration D
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc230 Firmware
Version 1.0.3 160108
Nc230 Firmware
Version 1.2.1 170515
Nc230 Firmware
Version 1.3.0 200304
Running on/withPlatform Versions
Tp Link
Nc230
All versions
Configuration E
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc250 Firmware
Version 1.0.10 160321
Nc250 Firmware
Version 1.0.8 160108
Nc250 Firmware
Version 1.2.1 170515
Nc250 Firmware
Version 1.3.0 200304
Running on/withPlatform Versions
Tp Link
Nc250
All versions
Configuration F
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc260 Firmware
Version 1.0.5 160804
Nc260 Firmware
Version 1.0.6 161114
Nc260 Firmware
Version 1.4.1 180720
Nc260 Firmware
Version 1.5.0 181123
Nc260 Firmware
Version 1.5.2 200304
Running on/withPlatform Versions
Tp Link
Nc260
All versions
Configuration G
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc450 Firmware
Version 1.0.15 160920
Nc450 Firmware
Version 1.1.2 161013
Nc450 Firmware
Version 1.3.4 171130
Nc450 Firmware
Version 1.5.3 200304
Running on/withPlatform Versions
Tp Link
Nc450
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.