CVE-2021-4045

CRITICAL EXPLOITED IN THE WILD

TP-Link Tapo C200 <1.1.15 - RCE

Title source: llm

Description

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

Exploits (7)

exploitdb WORKING POC

by hacefresko · pythonwebappshardware

https://www.exploit-db.com/exploits/51017

View Code ZIP pw:eip

nomisec WORKING POC 106 stars

by hacefresko · remote

https://github.com/hacefresko/CVE-2021-4045

View Code ZIP pw:eip

nomisec WORKING POC 7 stars

by 0xbinder · remote-auth

https://github.com/0xbinder/CVE-2021-4045

View Code ZIP pw:eip

github FAILED 5 stars

by hacefresko · pythonpoc

https://github.com/hacefresko/CVEs/tree/main/CVE-2021-4045

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by DorskFR · remote

https://github.com/DorskFR/tapodate

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by jeffbezosispogg · remote-auth

https://github.com/jeffbezosispogg/CVE-2021-4045

View Code ZIP pw:eip

nomisec NO CODE

by 234329a423853 · poc

https://github.com/234329a423853/CVE-2021-4045

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execution.html

[Third Party Advisory] https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability

Scores

CVSS v3 9.8

EPSS 0.9064

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-04-01

InTheWild.io 2022-04-03

CWE

CWE-77

Status published

Products (1)

tp-link/tapo_c200_firmware < 1.1.15

Published Mar 10, 2022

Tracked Since Feb 18, 2026