|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-06-10 | |
| Rule Name: | TP-Link Sysname OS Command Injection Vulnerability (CVE-2020-12109) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Network Device | |
| Reference: | http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html https://seclists.org/fulldisclosure/2020/May/2 https://www.tp-link.com/us/security |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.tp-link.com/ |