← Back

CVE-2020-12111

nvd nist
Published: May 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

Affected (9)

Tp Link
2 products
Nc260 Firmware
Nc450 Firmware
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc260 Firmware
Version 1.0.5 160804
Nc260 Firmware
Version 1.0.6 161114
Nc260 Firmware
Version 1.4.1 180720
Nc260 Firmware
Version 1.5.0 181123
Nc260 Firmware
Version 1.5.2 200304
Running on/withPlatform Versions
Tp Link
Nc260
All versions
Configuration B
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Nc450 Firmware
Version 1.0.15 160920
Nc450 Firmware
Version 1.1.2 161013
Nc450 Firmware
Version 1.3.4 171130
Nc450 Firmware
Version 1.5.3 200304
Running on/withPlatform Versions
Tp Link
Nc450
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.