CVE-2020-10231

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/5	Exploit Mailing List Patch Third Party Advisory
http://seclists.org/fulldisclosure/2020/Mar/54	Exploit Mailing List Third Party Advisory
http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/5	Exploit Mailing List Patch Third Party Advisory
http://seclists.org/fulldisclosure/2020/Mar/54	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:tp-link:nc450_firmware:1.1.1:160928::::::
	cpe:2.3:o:tp-link:nc450_firmware:1.1.2:161013::::::
	cpe:2.3:o:tp-link:nc450_firmware:1.1.6:161124::::::
	cpe:2.3:o:tp-link:nc450_firmware:1.5.0:181022::::::

cpe:2.3:h:tp-link:nc450:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:tp-link:nc260_firmware:1.0.5:160804::::::
	cpe:2.3:o:tp-link:nc260_firmware:1.0.6:161114::::::
	cpe:2.3:o:tp-link:nc260_firmware:1.5.1:190805::::::

cpe:2.3:h:tp-link:nc260:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:tp-link:nc250_firmware:1.3.0:171205:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:tp-link:nc230_firmware:1.3.0:171205:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_a::::::
	cpe:2.3:o:tp-link:nc220_firmware:1.1.12:160321_b::::::
	cpe:2.3:o:tp-link:nc220_firmware:1.1.14:161219::::::
	cpe:2.3:o:tp-link:nc220_firmware:1.2.0:170516::::::
	cpe:2.3:o:tp-link:nc220_firmware:1.3.0:180105::::::

cpe:2.3:h:tp-link:nc220:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:tp-link:nc210_firmware:1.0.9:171214:*:*:*:*:*:*

cpe:2.3:h:tp-link:nc210:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_a::::::
	cpe:2.3:o:tp-link:nc200_firmware:2.1.6:160108_b::::::
	cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_a::::::
	cpe:2.3:o:tp-link:nc200_firmware:2.1.7:160315_b::::::
	cpe:2.3:o:tp-link:nc200_firmware:2.1.8:171109::::::

cpe:2.3:h:tp-link:nc200:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/157048/TP-LINK-Cloud-Cameras-NCXXX-Remote-NULL-Pointer-Dereference.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://seclists.org/fulldisclosure/2020/Apr/5 - Exploit, Mailing List, Patch, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2020/Apr/5 - Exploit, Mailing List, Patch, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2020/Mar/54 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2020/Mar/54 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2020-04-01 14:15

Updated : 2024-11-21 04:55

NVD link : CVE-2020-10231

Mitre link : CVE-2020-10231

CVE.ORG link : CVE-2020-10231

JSON object : View

Products Affected

tp-link

nc260
nc250_firmware
nc450
nc250
nc260_firmware
nc450_firmware
nc230
nc200_firmware
nc220_firmware
nc210_firmware
nc210
nc230_firmware
nc200
nc220

CWE

CWE-476

NULL Pointer Dereference

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-10231

7.5^/10

5.0^/10

Attach tags to `CVE-2020-10231`