Details of VAR-202006-0114

ID

VAR-202006-0114

CVE

CVE-2020-13224

TITLE

plural TP-LINK Product Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006943

DESCRIPTION

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow. plural TP-LINK Product Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link NC200, etc. are all a network camera of TP-Link company in China. There are buffer overflow vulnerabilities in many TP-LINK products. Attackers can use this vulnerability to cause the ipcamera process to crash or execute arbitrary code with root privileges

Trust: 2.16

sources: NVD: CVE-2020-13224 // JVNDB: JVNDB-2020-006943 // CNVD: CNVD-2021-20272

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-20272

AFFECTED PRODUCTS

vendor:	tp link	model:	nc220	scope:	lte	version:	1.3.1	Trust: 1.0
vendor:	tp link	model:	nc250	scope:	lte	version:	1.3.1	Trust: 1.0
vendor:	tp link	model:	nc200	scope:	lte	version:	2.1.10	Trust: 1.0
vendor:	tp link	model:	nc230	scope:	lte	version:	1.3.1	Trust: 1.0
vendor:	tp link	model:	nc450	scope:	lte	version:	1.5.4	Trust: 1.0
vendor:	tp link	model:	nc260	scope:	lte	version:	1.5.3	Trust: 1.0
vendor:	tp link	model:	nc210	scope:	lte	version:	1.0.10	Trust: 1.0
vendor:	tp link	model:	nc200	scope:	eq	version:	2.1.10 build 200401	Trust: 0.8
vendor:	tp link	model:	nc210	scope:	eq	version:	1.0.10 build 200401	Trust: 0.8
vendor:	tp link	model:	nc220	scope:	eq	version:	1.3.1 build 200401	Trust: 0.8
vendor:	tp link	model:	nc230	scope:	eq	version:	1.3.1 build 200401	Trust: 0.8
vendor:	tp link	model:	nc250	scope:	eq	version:	1.3.1 build 200401	Trust: 0.8
vendor:	tp link	model:	nc260	scope:	eq	version:	1.5.3 build_200401	Trust: 0.8
vendor:	tp link	model:	nc450	scope:	eq	version:	1.5.4 build 200401	Trust: 0.8
vendor:	tp link	model:	tp-link nc200 build	scope:	lte	version:	<=2.1.10200401	Trust: 0.6
vendor:	tp link	model:	tp-link nc210 build	scope:	lte	version:	<=1.0.10200401	Trust: 0.6
vendor:	tp link	model:	tp-link nc220 build	scope:	lte	version:	<=1.3.1200401	Trust: 0.6
vendor:	tp link	model:	tp-link nc230 build	scope:	lte	version:	<=1.3.1200401	Trust: 0.6
vendor:	tp link	model:	tp-link nc250 build	scope:	lte	version:	<=1.3.1200401	Trust: 0.6
vendor:	tp link	model:	tp-link nc260 build 200401	scope:	lte	version:	<=1.5.3	Trust: 0.6
vendor:	tp link	model:	tp-link nc450 build	scope:	lte	version:	<=1.5.4200401	Trust: 0.6

sources: CNVD: CNVD-2021-20272 // JVNDB: JVNDB-2020-006943 // NVD: CVE-2020-13224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-13224
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006943
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-20272
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1096
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-13224
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006943
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-20272
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-13224
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006943
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-20272 // JVNDB: JVNDB-2020-006943 // CNNVD: CNNVD-202006-1096 // NVD: CVE-2020-13224

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-006943 // NVD: CVE-2020-13224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1096

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1096

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006943

PATCH

title:	Security Advisory	url:	https://www.tp-link.com/us/security	Trust: 0.8
title:	Patches for buffer overflow vulnerabilities in many TP-Link products	url:	https://www.cnvd.org.cn/patchInfo/show/253696	Trust: 0.6

sources: CNVD: CNVD-2021-20272 // JVNDB: JVNDB-2020-006943

EXTERNAL IDS

db:	NVD	id:	CVE-2020-13224	Trust: 3.0
db:	PACKETSTORM	id:	158115	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-006943	Trust: 0.8
db:	CNVD	id:	CNVD-2021-20272	Trust: 0.6
db:	NSFOCUS	id:	47341	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1096	Trust: 0.6

sources: CNVD: CNVD-2021-20272 // JVNDB: JVNDB-2020-006943 // CNNVD: CNNVD-202006-1096 // NVD: CVE-2020-13224

REFERENCES

url:	http://packetstormsecurity.com/files/158115/tp-link-cloud-cameras-ncxxx-stack-overflow.html	Trust: 3.0
url:	https://www.tp-link.com/us/security	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13224	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13224	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47341	Trust: 0.6

sources: JVNDB: JVNDB-2020-006943 // CNNVD: CNNVD-202006-1096 // NVD: CVE-2020-13224

CREDITS

Pietro Oliva

Trust: 0.6

sources: CNNVD: CNNVD-202006-1096

SOURCES

db:	CNVD	id:	CNVD-2021-20272
db:	JVNDB	id:	JVNDB-2020-006943
db:	CNNVD	id:	CNNVD-202006-1096
db:	NVD	id:	CVE-2020-13224

LAST UPDATE DATE

2024-11-23T23:01:22.421000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-20272	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006943	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1096	date:	2020-07-31T00:00:00
db:	NVD	id:	CVE-2020-13224	date:	2024-11-21T05:00:50.047

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-20272	date:	2021-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-006943	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1096	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-13224	date:	2020-06-17T13:15:11.210