CVE-2020-12110
Published 2020-05-04
Priority P267 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 14.40% (96.2th percentile)
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | nc200_firmware | — | — |
| tp-link | nc210_firmware | — | — |
| tp-link | nc220_firmware | — | — |
| tp-link | nc230_firmware | — | — |
| tp-link | nc250_firmware | — | — |
| tp-link | nc260_firmware | — | — |
| tp-link | nc450_firmware | — | — |
Detection & IOCs (extracted from sources)
- Shell metacharacters injected into the system/device name field (alias) are passed unsanitized into a shell command within swBonjourStartHTTP, executing as root. Monitor for shell metacharacters in device name/alias fields on TP-Link NC-series camera HTTP interfaces.
- On NC210 devices, CVE-2020-12110 (hardcoded encryption key) is chained to write the configuration file, which is then read by swBonjourStartHTTP without validation to achieve code execution. Detect unexpected configuration file writes on NC210 devices.
- CVE-2020-12110 specifically involves a hardcoded encryption key present across multiple TP-Link NC-series firmware versions. The hardcoded key enables an attacker to encrypt/decrypt and write arbitrary configuration files on NC210 devices, which is the prerequisite for the chained RCE attack.
- The exploit requires authentication. The command injection via /setsysname.cgi is blocked on NC210 by input validation, but all other NC-series models (NC200, NC220, NC230, NC250, NC260, NC450) are directly exploitable via that endpoint.
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
No writeups or analysis indexed.