Vulnerability Details CVE-2023-49515
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 4.6
References
- https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART
- https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master
- https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART
- https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master
Products affected by CVE-2023-49515
-
cpe:2.3:h:tp-link:tapo_c200:3
-
cpe:2.3:h:tp-link:tapo_tc70:3.0
-
cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.22
-
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.4
-
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.9
-
cpe:2.3:o:tp-link:tapo_tc70_firmware:1.1.22
-
cpe:2.3:o:tp-link:tapo_tc70_firmware:1.3.4
-
cpe:2.3:o:tp-link:tapo_tc70_firmware:1.3.9