E20-9tjh1
CVSS:
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2020
Description
A remote command injection exists in multiple TP-Link Cloud Camera devices (NC2XX) due to lack of user input sanitization.
By sending a crafted 'sysname' POST parameter to '/setsysname.fcgi' path, a remote authenticated commander may execute arbitrary commands on the target system.