CVE-2020-12111

HIGH

TP-Link NC260 1.5.2 and NC450 1.5.3 - OS Command Injection

Title source: llm

Description

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

References (3)

Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/May/4

Scores

CVSS v3 8.8
EPSS 0.0451
EPSS Percentile 89.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (9)
tp-link/nc260_firmware 1.0.5 160804
tp-link/nc260_firmware 1.0.6 161114
tp-link/nc260_firmware 1.4.1 180720
tp-link/nc260_firmware 1.5.0 181123
tp-link/nc260_firmware 1.5.2 200304
tp-link/nc450_firmware 1.0.15 160920
tp-link/nc450_firmware 1.1.2 161013
tp-link/nc450_firmware 1.3.4 171130
tp-link/nc450_firmware 1.5.3 200304
Published May 04, 2020
Tracked Since Feb 18, 2026