CVE-2021-4045

CRITICAL EXPLOITED IN THE WILD

TP-Link Tapo C200 Firmware < 1.1.15 - Unauthenticated Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-4045 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 8 public exploits from researchers including hacefresko, 0xbinder, DorskFR.

AI-analyzed exploit summary This exploit leverages an unauthenticated RCE vulnerability in TP-Link Tapo C200 cameras by injecting a reverse shell payload via the 'setLanguage' method. It uses a threading model to simultaneously listen for the reverse shell while delivering the payload.

Description

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

Exploits (8)

exploitdb WORKING POC
by hacefresko · pythonwebappshardware
https://www.exploit-db.com/exploits/51017

This exploit leverages an unauthenticated RCE vulnerability in TP-Link Tapo C200 cameras by injecting a reverse shell payload via the 'setLanguage' method. It uses a threading model to simultaneously listen for the reverse shell while delivering the payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TP-Link Tapo C200 firmware versions 1.1.15 and below
No auth needed
Prerequisites: Network access to the target device · Attacker-controlled machine to receive the reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 106 stars
by hacefresko · remote
https://github.com/hacefresko/CVE-2021-4045

This repository contains a functional exploit for CVE-2021-4045, a command injection vulnerability in TP-Link Tapo C200 IP cameras. The exploit leverages insufficient input validation in the `setLanguage` method to achieve unauthenticated remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TP-Link Tapo C200 IP Camera (firmware versions prior to 1.1.16 Build 211209 Rel. 37726N)
No auth needed
Prerequisites: Network access to the target device · Python environment with `requests` library
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 7 stars
by 0xbinder · remote-auth
https://github.com/0xbinder/CVE-2021-4045

This repository contains a functional exploit for CVE-2021-4045, a command injection vulnerability in TP-Link Tapo C200 cameras. The exploit provides two modes: a reverse shell for remote code execution and an RTSP mode to manipulate camera settings.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TP-Link Tapo C200 firmware versions < 1.1.16 Build 211209
No auth needed
Prerequisites: Network access to the vulnerable device · Python environment with required dependencies
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 5 stars
by hacefresko · pythonpoc
https://github.com/hacefresko/CVEs/tree/main/CVE-2021-4045

This repository contains a functional exploit for CVE-2021-4045, a command injection vulnerability in TP-Link Tapo C200 IP cameras. The exploit leverages insufficient input validation in the `setLanguage` method to achieve unauthenticated remote code execution via crafted JSON payloads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TP-Link Tapo C200 (firmware versions prior to 1.1.16 Build 211209 Rel. 37726N)
No auth needed
Prerequisites: Network access to the target device · Python environment with `requests` library
devstral-2 · analyzed Apr 29, 2026 Full analysis →
nomisec WORKING POC 1 stars
by DorskFR · remote
https://github.com/DorskFR/tapodate

This repository contains a functional PoC exploit for CVE-2021-4045, targeting Tapo C200 cameras. It leverages a command injection vulnerability in the `setLanguage` method to execute arbitrary commands, including setting the date, modifying `/etc/hosts`, and enabling a telnet daemon.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Tapo C200
No auth needed
Prerequisites: Network access to the vulnerable camera · Camera must be offline or reachable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by jeffbezosispogg · remote-auth
https://github.com/jeffbezosispogg/CVE-2021-4045

This PoC exploits an unauthenticated RCE vulnerability in TP-LINK Tapo C200 cameras (CVE-2021-4045) by injecting a reverse shell payload via the `setLanguage` method. It uses a threaded netcat listener to catch the shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TP-LINK Tapo C200 firmware 1.1.15 and below
No auth needed
Prerequisites: Network access to the vulnerable device · Attacker-controlled listener IP
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by kaleth4 · remote
https://github.com/kaleth4/CVE-2021-4045

This repository provides a detailed technical writeup on CVE-2021-4045, a command injection vulnerability in TP-Link Tapo C200 cameras. It includes reconnaissance steps, UART access, and exploration of the device's firmware and services.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Tapo C200 (firmware versions prior to 1.1.16 Build 211209 Rel. 37726N)
No auth needed
Prerequisites: Physical access to the device for UART connection · USB-to-TTL adapter · Basic soldering skills
devstral-2 · analyzed Jun 12, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.7303
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-04-01
InTheWild.io 2022-04-03
CWE
CWE-77
Status published
Products (1)
tp-link/tapo_c200_firmware < 1.1.15
Published Mar 10, 2022
Tracked Since Feb 18, 2026