Hello there. Today I would like to share with you my first CVE, which corresponds to a command injection vulnerability found a couple months ago in the TP-Link Tapo c200 camera, that allows an attacker to take full control of the device with root privileges. It was assigned CVE-2021-4045 by the INCIBE, and you can check the official advisory here. The vulnerability affects all firmware versions prior to 1.1.16 Build 211209 Rel. 37726N, so if you own this model, I suggest you update it.
Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub
TP-Link Tapo Pan/Tilt Security Camera for Baby Monitor, Pet Camera w/ Motion Detection, 1080P, 2-Way Audio, Night Vision, Cloud & SD Card Storage, Works with Alexa & Google Home (Tapo
Fans0n (@00mask1) / X
Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub
Aobelieve Flexible Clamp Mount for TP-Link Tapo C200 and C210 Camera : Electronics
TP-Link Tapo Pan/Tilt Security Camera for Baby Monitor, Pet Camera w/ Motion Detection, 1080P, 2-Way Audio, Night Vision, Cloud & SD Card Storage, Works with Alexa & Google Home (Tapo
TP-Link TC65 Camara WiFi 3MP Outdoor : Electronics
Joşé Mąríą A. on LinkedIn: TP-Link Tapo c200 Camera Unauthenticated RCE (CVE -4045-2021)
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
Tapo C200, Pan/Tilt Home Security Wi-Fi Camera
Hacking into Wi-Fi Camera TP-Link Tapo C200 (CVE-2021–4045), by LeoX
TP-Link TC65 Camara WiFi 3MP Outdoor : Electronics
TP-Link Home Security Wi-Fi Camera Tapo C100
Custom Component] Tapo: Cameras Control - Custom Integrations - Home Assistant Community
0xor0ne on X: TP-Link Tapo c200 command injection vulnerability writeup ( CVE-2021-4045) Credits @hacefresko #iot #embedded #infosec #cybersec #cve / X