CVE-2020-12109

HIGH

TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - OS Command Injection via Bonjour Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12109. Includes Metasploit module exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated command injection vulnerability in TP-Link NCXXX series cameras by manipulating the device name via the Bonjour service, leading to arbitrary command execution as root.

Description

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Exploits (1)

metasploit WORKING POC EXCELLENT
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TP-Link NC200, NC210, NC220, NC230, NC250, NC260, NC450
Auth required
Prerequisites: Valid credentials for the TP-Link camera web interface · Bonjour service enabled or ability to enable it
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/May/2

Scores

CVSS v3 8.8
EPSS 0.7434
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (23)
tp-link/nc200_firmware 2.1.6 160108_b
tp-link/nc200_firmware 2.1.9 200225
tp-link/nc210_firmware 1.0.3 160229
tp-link/nc210_firmware 1.0.4 160412
tp-link/nc210_firmware 1.0.9 200304
tp-link/nc220_firmware 1.2.0 170516
tp-link/nc220_firmware 1.3.0 180105 (2 CPE variants)
tp-link/nc230_firmware 1.0.3 160108
tp-link/nc230_firmware 1.2.1 170515
tp-link/nc230_firmware 1.3.0 200304
... and 13 more
Published May 04, 2020
Tracked Since Feb 18, 2026