Home / os / winnt

TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection

Posted on 04 May 2020

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

 

TOP

Malware :

Exploits :