TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko

Hello there. Today I would like to share with you my first CVE, which corresponds to a command injection vulnerability found a couple months ago in the TP-Link Tapo c200 camera, that allows an attacker to take full control of the device with root privileges. It was assigned CVE-2021-4045 by the INCIBE, and you can check the official advisory here. The vulnerability affects all firmware versions prior to 1.1.16 Build 211209 Rel. 37726N, so if you own this model, I suggest you update it.

Shan Keerthisinghe on LinkedIn: TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-4045-2021)

GitHub - NoDataFound/hackGPT: I leverage OpenAI and ChatGPT to do hackerish things

Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub

Fans0n (@00mask1) / X

TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko

GitHub - soosmile/POC

TP-Link Tapo 1080P Outdoor Wired Pan/Tilt Security Wi-Fi Camera, 360°

TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko

TP-Link TC65 Camara WiFi 3MP Outdoor : Electronics

Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub

0xor0ne on X: TP-Link Tapo c200 command injection vulnerability writeup ( CVE-2021-4045) Credits @hacefresko #iot #embedded #infosec #cybersec #cve / X

Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub

Koroao Clip Mount for TP-Link Tapo C200/C210 Pan/Tilt Security Camera，No Tools or Wall Damage Required : Electronics