CVE-2020-12109: OS Command Injection
First published: Mon May 04 2020(Updated: )
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Nc200 Firmware | =2.1.6-160108_b | |
| Tp-link Nc200 Firmware | =2.1.9-200225 | |
| TP-LINK NC200 | ||
| Tp-link Nc210 Firmware | =1.0.3-160229 | |
| Tp-link Nc210 Firmware | =1.0.4-160412 | |
| Tp-link Nc210 Firmware | =1.0.9-200304 | |
| Tp-link Nc210 | ||
| Tp-link Nc220 Firmware | =1.2.0-170516 | |
| Tp-link Nc220 Firmware | =1.3.0-180105 | |
| Tp-link Nc220 Firmware | =1.3.0-200304 | |
| Tp-link Nc220 | ||
| Tp-link Nc230 Firmware | =1.0.3-160108 | |
| Tp-link Nc230 Firmware | =1.2.1-170515 | |
| Tp-link Nc230 Firmware | =1.3.0-200304 | |
| Tp-link Nc230 | ||
| Tp-link Nc250 Firmware | =1.0.8-160108 | |
| Tp-link Nc250 Firmware | =1.0.10-160321 | |
| Tp-link Nc250 Firmware | =1.2.1-170515 | |
| Tp-link Nc250 Firmware | =1.3.0-200304 | |
| TP-Link NC250 | ||
| Tp-link Nc260 Firmware | =1.0.5-160804 | |
| Tp-link Nc260 Firmware | =1.0.6-161114 | |
| Tp-link Nc260 Firmware | =1.4.1-180720 | |
| Tp-link Nc260 Firmware | =1.5.0-181123 | |
| Tp-link Nc260 Firmware | =1.5.2-200304 | |
| Tp-link Nc260 | ||
| Tp-link Nc450 Firmware | =1.0.15-160920 | |
| Tp-link Nc450 Firmware | =1.1.2-161013 | |
| Tp-link Nc450 Firmware | =1.3.4-171130 | |
| Tp-link Nc450 Firmware | =1.5.3-200304 | |
| Tp-link Nc450 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12109?
CVE-2020-12109 is a vulnerability that allows Command Injection in certain TP-Link devices.
Which TP-Link devices are affected by CVE-2020-12109?
The TP-Link devices affected by CVE-2020-12109 are NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
What is the severity of CVE-2020-12109?
CVE-2020-12109 has a severity rating of 8.8 (Critical).
How can I fix CVE-2020-12109?
To fix CVE-2020-12109, update the firmware of the affected TP-Link devices to the latest available version.
Where can I find more information about CVE-2020-12109?
You can find more information about CVE-2020-12109 on the following URLs: [1] http://packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html [2] http://packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection.html [3] https://seclists.org/fulldisclosure/2020/May/2
- collector/nvd-index
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tp-link
- canonical/tp-link nc200 firmware
- version/tp-link nc200 firmware/2.1.6-160108_b
- version/tp-link nc200 firmware/2.1.9-200225
- canonical/tp-link nc200
- canonical/tp-link nc210 firmware
- version/tp-link nc210 firmware/1.0.3-160229
- version/tp-link nc210 firmware/1.0.4-160412
- version/tp-link nc210 firmware/1.0.9-200304
- canonical/tp-link nc210
- canonical/tp-link nc220 firmware
- version/tp-link nc220 firmware/1.2.0-170516
- version/tp-link nc220 firmware/1.3.0-180105
- version/tp-link nc220 firmware/1.3.0-200304
- canonical/tp-link nc220
- canonical/tp-link nc230 firmware
- version/tp-link nc230 firmware/1.0.3-160108
- version/tp-link nc230 firmware/1.2.1-170515
- version/tp-link nc230 firmware/1.3.0-200304
- canonical/tp-link nc230
- canonical/tp-link nc250 firmware
- version/tp-link nc250 firmware/1.0.8-160108
- version/tp-link nc250 firmware/1.0.10-160321
- version/tp-link nc250 firmware/1.2.1-170515
- version/tp-link nc250 firmware/1.3.0-200304
- canonical/tp-link nc250
- canonical/tp-link nc260 firmware
- version/tp-link nc260 firmware/1.0.5-160804
- version/tp-link nc260 firmware/1.0.6-161114
- version/tp-link nc260 firmware/1.4.1-180720
- version/tp-link nc260 firmware/1.5.0-181123
- version/tp-link nc260 firmware/1.5.2-200304
- canonical/tp-link nc260
- canonical/tp-link nc450 firmware
- version/tp-link nc450 firmware/1.0.15-160920
- version/tp-link nc450 firmware/1.1.2-161013
- version/tp-link nc450 firmware/1.3.4-171130
- version/tp-link nc450 firmware/1.5.3-200304
- canonical/tp-link nc450