silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,146
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
Tracked as CVE-2020-12111, the first of the command injection flaws impacts the NC260 and NC450 models and could be abused to remotely execute commands as root on affected devices.
The second command injection bug, CVE-2020-12109, impacts TP-Link NC200, NC210, NC220, NC230, NC250, NC260, and NC450 cloud cameras.
In addition to these two vulnerabilities, TP-Link addressed a hardcoded encryption key issue in NC200, NC210, NC220, NC230, NC250, NC260, and NC450 device models. Tracked as CVE-2020-12110, [....]