CVE-2023-49515

MEDIUM

TP Link TC70 and C200 WIFI Camera <1.3.4 - Info Disclosure

Title source: llm

Description

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

References (2)

[Exploit, Third Party Advisory] https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master

Scores

CVSS v3 4.6

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (6)

tp-link/tapo_c200_firmware 1.1.22

tp-link/tapo_c200_firmware 1.3.4

tp-link/tapo_c200_firmware 1.3.9

tp-link/tapo_tc70_firmware 1.1.22

tp-link/tapo_tc70_firmware 1.3.4

tp-link/tapo_tc70_firmware 1.3.9

Published Jan 17, 2024

Tracked Since Feb 18, 2026