CVE-2020-10231

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-10231
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/fulldisclosure/2020/Mar/54 Exploit Mailing List Third Party Advisory
http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/5 Exploit Mailing List Patch Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b:*:*:*:*:*:*
cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109:*:*:*:*:*:*
cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*
Information

Published : 2020-04-01 07:15

Updated : 2020-05-12 07:09

NVD link : CVE-2020-10231

Mitre link : CVE-2020-10231

JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa
Products Affected

tp-link

  • nc250
  • nc200
  • nc210
  • nc200_firmware
  • nc220_firmware
  • nc260
  • nc260_firmware
  • nc450_firmware
  • nc450
  • nc230_firmware
  • nc250_firmware
  • nc210_firmware
  • nc220
  • nc230