Strike ID:
E20-9tjh1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
2
Year:
2020

Description

A remote command injection exists in multiple TP-Link Cloud Camera devices NC2XX due to lack of user input sanitization. By sending a crafted sysname POST parameter to /setsysname.fcgi path, a remote authenticated commander may execute arbitrary commands on the target system.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}