CVE-2022-41505

An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/hemant70072/Access-control-issue-in-TP-Link-Tapo-C200-V1.	Exploit Third Party Advisory
https://github.com/hemant70072/Access-control-issue-in-TP-Link-Tapo-C200-V1.	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:tapo_c200_v1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tapo_c200_v1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:23

Type	Values Removed	Values Added
Summary		(es) Un problema de control de acceso en dispositivos TP-LInk Tapo C200 V1 permite a atacantes físicamente próximos obtener acceso de root conectándose a los pines UART, interrumpiendo el proceso de arranque y estableciendo un valor init=/bin/sh.
References	~~() https://github.com/hemant70072/Access-control-issue-in-TP-Link-Tapo-C200-V1. - Exploit, Third Party Advisory~~	() https://github.com/hemant70072/Access-control-issue-in-TP-Link-Tapo-C200-V1. - Exploit, Third Party Advisory

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-862~~	NVD-CWE-Other

Information

Published : 2023-01-23 15:15

Updated : 2024-11-21 07:23

NVD link : CVE-2022-41505

Mitre link : CVE-2022-41505

CVE.ORG link : CVE-2022-41505

JSON object : View

Products Affected

tp-link

tapo_c200_v1_firmware
tapo_c200_v1

CWE

NVD-CWE-Other

6.4 /10