ID

VAR-202005-0329


CVE

CVE-2020-12110


TITLE

Vulnerability in the use of hard-coded credentials on multiple TP-Link devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-005193

DESCRIPTION

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Multiple TP-Link devices contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

TP-Link NC200 and the other listed models are network cameras made by TP-Link, a company in China. The swSystemBackup and sym.swSystemRestoreFile methods in many TP-Link products have a security vulnerability caused by the use of a hard-coded encryption key in the program. Remote attackers can use this vulnerability to obtain sensitive information from backup files.

TP-Link NC series Cloud Cameras could allow a remote malicious user to obtain sensitive information, caused by the use of a hardcoded encryption key in the swSystemBackup and sym.swSystemRestoreFile methods.

Trust: 2.25

sources: NVD: CVE-2020-12110 // JVNDB: JVNDB-2020-005193 // CNVD: CNVD-2021-28010 // VULMON: CVE-2020-12110

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28010

AFFECTED PRODUCTS

vendor: tp link, model: nc200, scope: eq, version: 2.1.6

Trust: 1.1

vendor: tp link, model: nc200, scope: eq, version: 2.1.9

Trust: 1.1

vendor: tp link, model: nc210, scope: eq, version: 1.0.3

Trust: 1.1

vendor: tp link, model: nc210, scope: eq, version: 1.0.4

Trust: 1.1

vendor: tp link, model: nc210, scope: eq, version: 1.0.9

Trust: 1.1

vendor: tp link, model: nc220, scope: eq, version: 1.2.0

Trust: 1.1

vendor: tp link, model: nc220, scope: eq, version: 1.3.0

Trust: 1.1

vendor: tp link, model: nc230, scope: eq, version: 1.0.3

Trust: 1.1

vendor: tp link, model: nc230, scope: eq, version: 1.2.1

Trust: 1.1

vendor: tp link, model: nc230, scope: eq, version: 1.3.0

Trust: 1.1

vendor: tp link, model: nc250, scope: eq, version: 1.0.8

Trust: 1.1

vendor: tp link, model: nc250, scope: eq, version: 1.0.10

Trust: 1.1

vendor: tp link, model: nc250, scope: eq, version: 1.2.1

Trust: 1.1

vendor: tp link, model: nc250, scope: eq, version: 1.3.0

Trust: 1.1

vendor: tp link, model: nc260, scope: eq, version: 1.0.5

Trust: 1.1

vendor: tp link, model: nc260, scope: eq, version: 1.0.6

Trust: 1.1

vendor: tp link, model: nc260, scope: eq, version: 1.4.1

Trust: 1.1

vendor: tp link, model: nc260, scope: eq, version: 1.5.0

Trust: 1.1

vendor: tp link, model: nc260, scope: eq, version: 1.5.2

Trust: 1.1

vendor: tp link, model: nc450, scope: eq, version: 1.0.15

Trust: 1.1

vendor: tp link, model: nc450, scope: eq, version: 1.1.2

Trust: 1.1

vendor: tp link, model: nc450, scope: eq, version: 1.3.4

Trust: 1.1

vendor: tp link, model: nc450, scope: eq, version: 1.5.3

Trust: 1.1

vendor: tp link, model: nc200, scope: eq, version: 2.1.9 build 200225

Trust: 0.8

vendor: tp link, model: nc210, scope: eq, version: 1.0.9 build 200304

Trust: 0.8

vendor: tp link, model: nc220, scope: eq, version: 1.3.0 build 200304

Trust: 0.8

vendor: tp link, model: nc230, scope: eq, version: 1.3.0 build 200304

Trust: 0.8

vendor: tp link, model: nc250, scope: eq, version: 1.3.0 build 200304

Trust: 0.8

vendor: tp link, model: nc260, scope: eq, version: 1.5.2 build 200304

Trust: 0.8

vendor: tp link, model: nc450, scope: eq, version: 1.5.2 build 200304

Trust: 0.8

vendor: tp link, model: tp-link nc200 2.1.6:160108 b, scope: -, version: -

Trust: 0.6

vendor: tp link, model: tp-link nc200, scope: eq, version: 2.1.9:200225

Trust: 0.6

vendor: tp link, model: tp-link nc220, scope: eq, version: 1.2.0:170516

Trust: 0.6

vendor: tp link, model: tp-link nc220, scope: eq, version: 1.3.0:180105

Trust: 0.6

vendor: tp link, model: tp-link nc220, scope: eq, version: 1.3.0:200304

Trust: 0.6

vendor: tp link, model: tp-link nc230, scope: eq, version: 1.0.3:160108

Trust: 0.6

vendor: tp link, model: tp-link nc230, scope: eq, version: 1.2.1:170515

Trust: 0.6

vendor: tp link, model: tp-link nc230, scope: eq, version: 1.3.0:200304

Trust: 0.6

vendor: tp link, model: tp-link nc250, scope: eq, version: 1.0.8:160108

Trust: 0.6

vendor: tp link, model: tp-link nc250, scope: eq, version: 1.0.10:160321

Trust: 0.6

vendor: tp link, model: tp-link nc250, scope: eq, version: 1.2.1:170515

Trust: 0.6

vendor: tp link, model: tp-link nc250, scope: eq, version: 1.3.0:200304

Trust: 0.6

vendor: tp link, model: tp-link nc260, scope: eq, version: 1.0.5:160804

Trust: 0.6

vendor: tp link, model: tp-link nc260, scope: eq, version: 1.0.6:161114

Trust: 0.6

vendor: tp link, model: tp-link nc260, scope: eq, version: 1.4.1:180720

Trust: 0.6

vendor: tp link, model: tp-link nc260, scope: eq, version: 1.5.0:181123

Trust: 0.6

vendor: tp link, model: tp-link nc260, scope: eq, version: 1.5.2:200304

Trust: 0.6

vendor: tp link, model: tp-link nc450, scope: eq, version: 1.0.15:160920

Trust: 0.6

vendor: tp link, model: tp-link nc450, scope: eq, version: 1.1.2:161013

Trust: 0.6

vendor: tp link, model: tp-link nc450, scope: eq, version: 1.3.4:171130

Trust: 0.6

vendor: tp link, model: tp-link nc450, scope: eq, version: 1.5.3:200304

Trust: 0.6

sources: CNVD: CNVD-2021-28010 // VULMON: CVE-2020-12110 // JVNDB: JVNDB-2020-005193 // NVD: CVE-2020-12110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12110
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005193
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-28010
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-006
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-12110
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12110
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-28010
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12110
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005193
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28010 // VULMON: CVE-2020-12110 // JVNDB: JVNDB-2020-005193 // CNNVD: CNNVD-202005-006 // NVD: CVE-2020-12110

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2020-005193 // NVD: CVE-2020-12110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-006

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-006

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005193

PATCH

title: Top Page, url: https://www.tp-link.com/en/

Trust: 0.8

title: Patch for Vulnerabilities in trust management issues of multiple TP-Link products, url: https://www.cnvd.org.cn/patchInfo/show/257956

Trust: 0.6

title: Multiple TP-Link Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117960

Trust: 0.6

sources: CNVD: CNVD-2021-28010 // JVNDB: JVNDB-2020-005193 // CNNVD: CNNVD-202005-006

EXTERNAL IDS

db: NVD, id: CVE-2020-12110

Trust: 3.1

db: PACKETSTORM, id: 157532

Trust: 2.5

db: JVNDB, id: JVNDB-2020-005193

Trust: 0.8

db: CNVD, id: CNVD-2021-28010

Trust: 0.6

db: CNNVD, id: CNNVD-202005-006

Trust: 0.6

db: VULMON, id: CVE-2020-12110

Trust: 0.1

sources: CNVD: CNVD-2021-28010 // VULMON: CVE-2020-12110 // JVNDB: JVNDB-2020-005193 // CNNVD: CNNVD-202005-006 // NVD: CVE-2020-12110

REFERENCES

url:http://packetstormsecurity.com/files/157532/tp-link-cloud-cameras-ncxxx-hardcoded-encryption-key.html

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12110

Trust: 2.0

url:https://seclists.org/fulldisclosure/2020/may/3

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12110

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181258

Trust: 0.1

sources: CNVD: CNVD-2021-28010 // VULMON: CVE-2020-12110 // JVNDB: JVNDB-2020-005193 // CNNVD: CNNVD-202005-006 // NVD: CVE-2020-12110

CREDITS

Pietro Oliva

Trust: 0.6

sources: CNNVD: CNNVD-202005-006

SOURCES

db: CNVD, id: CNVD-2021-28010
db: VULMON, id: CVE-2020-12110
db: JVNDB, id: JVNDB-2020-005193
db: CNNVD, id: CNNVD-202005-006
db: NVD, id: CVE-2020-12110

LAST UPDATE DATE

2024-11-23T22:48:00.215000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28010, date: 2021-04-14T00:00:00
db: VULMON, id: CVE-2020-12110, date: 2020-05-12T00:00:00
db: JVNDB, id: JVNDB-2020-005193, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-006, date: 2020-05-13T00:00:00
db: NVD, id: CVE-2020-12110, date: 2024-11-21T04:59:16.057

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28010, date: 2021-04-14T00:00:00
db: VULMON, id: CVE-2020-12110, date: 2020-05-04T00:00:00
db: JVNDB, id: JVNDB-2020-005193, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-006, date: 2020-05-01T00:00:00
db: NVD, id: CVE-2020-12110, date: 2020-05-04T14:15:13.277