CVE-2020-12109

HIGH

Tp-link Nc200 Firmware - OS Command Injection

Title source: rule

Description

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2020/May/2

[Vendor Advisory] https://www.tp-link.com/us/security

Scores

CVSS v3 8.8

EPSS 0.8161

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (23)

tp-link/nc200_firmware 2.1.6 160108_b

tp-link/nc200_firmware 2.1.9 200225

tp-link/nc210_firmware 1.0.3 160229

tp-link/nc210_firmware 1.0.4 160412

tp-link/nc210_firmware 1.0.9 200304

tp-link/nc220_firmware 1.2.0 170516

tp-link/nc220_firmware 1.3.0 180105 (2 CPE variants)

tp-link/nc230_firmware 1.0.3 160108

tp-link/nc230_firmware 1.2.1 170515

tp-link/nc230_firmware 1.3.0 200304

... and 13 more

Published May 04, 2020

Tracked Since Feb 18, 2026