Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2020-12109

Description

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

POC

Reference

- http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html

- http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/HimmelAward/Goby_POC

- https://github.com/Live-Hack-CVE/CVE-2020-12109

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Z0fhack/Goby_POC