TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection
Posted by deepcore on May 5, 2020 – 7:33 pm
TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.
Post a reply
You must be logged in to post a comment.