TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)

vendor:

Tapo c200

by:

hacefresko

9.8

CVSS

CRITICAL

Remote Code Execution (RCE)

CWE

Product Name: Tapo c200

Affected Version From: 1.1.11

Affected Version To: 1.1.15

Patch Exists: YES

Related CWE: CVE-2021-4045

CPE: h:tp-link:tapo_c200

Metasploit:

Other Scripts:

Platforms Tested: 1.1.11, 1.1.14 and 1.1.15

2022

TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE)

TP-Link Tapo c200 is vulnerable to an unauthenticated remote code execution (RCE) vulnerability. An attacker can exploit this vulnerability by sending a malicious payload to the device. The payload will be executed on the device without any authentication. This vulnerability affects TP-Link Tapo c200 versions 1.1.15 and below.

Mitigation:

Upgrade to the latest version of TP-Link Tapo c200.

Source

TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE)

Mitigation:

Exploit-DB raw data: