CVE-2020-12110

CRITICAL

TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - Use of Hard-coded Encryption Key

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12110. Includes Metasploit module exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in TP-Link NCXXX series cameras by manipulating the device name via the Bonjour service, leading to arbitrary command execution as root.

Description

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Exploits (1)

metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/tp_link_ncxxx_bonjour_command_injection.rb

This Metasploit module exploits an authenticated command injection vulnerability in TP-Link NCXXX series cameras by manipulating the device name via the Bonjour service, leading to arbitrary command execution as root.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Cloud Cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450)
Auth required
Prerequisites: Valid credentials for the web interface · Bonjour service enabled or ability to enable it
mistral-large-3 · analyzed Jun 05, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/May/3

Scores

CVSS v3 9.8
EPSS 0.1440
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (23)
tp-link/nc200_firmware 2.1.6 160108_b
tp-link/nc200_firmware 2.1.9 200225
tp-link/nc210_firmware 1.0.3 160229
tp-link/nc210_firmware 1.0.4 160412
tp-link/nc210_firmware 1.0.9 200304
tp-link/nc220_firmware 1.2.0 170516
tp-link/nc220_firmware 1.3.0 180105 (2 CPE variants)
tp-link/nc230_firmware 1.0.3 160108
tp-link/nc230_firmware 1.2.1 170515
tp-link/nc230_firmware 1.3.0 200304
... and 13 more
Published May 04, 2020
Tracked Since Feb 18, 2026