ID
VAR-202306-0535
CVE
CVE-2023-27126
TITLE
TP-LINK Tapo C200 Security hole
Trust: 0.6
sources:
CNNVD: CNNVD-202306-404
DESCRIPTION
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim
Trust: 0.99
sources:
NVD: CVE-2023-27126 //
VULMON: CVE-2023-27126
AFFECTED PRODUCTS
| vendor: | tp link | model: | tapo c200 | scope: | eq | version: | 1.2.2 | Trust: 1.0 |
sources:
NVD: CVE-2023-27126
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNNVD: CNNVD-202306-404 //
NVD: CVE-2023-27126 //
NVD: CVE-2023-27126
PROBLEMTYPE DATA
| problemtype: | CWE-522 | Trust: 1.0 |
sources:
NVD: CVE-2023-27126
TYPE
other
Trust: 0.6
sources:
CNNVD: CNNVD-202306-404
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-27126 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-202306-404 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-27126 | Trust: 0.1 |
sources:
VULMON: CVE-2023-27126 //
CNNVD: CNNVD-202306-404 //
NVD: CVE-2023-27126
REFERENCES
| url: | http://tp-link.com | Trust: 1.7 |
| url: | https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14 | Trust: 1.7 |
| url: | http://tapo.com | Trust: 1.7 |
| url: | https://cxsecurity.com/cveshow/cve-2023-27126/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2023-27126 //
CNNVD: CNNVD-202306-404 //
NVD: CVE-2023-27126
SOURCES
| db: | VULMON | id: | CVE-2023-27126 |
| db: | CNNVD | id: | CNNVD-202306-404 |
| db: | NVD | id: | CVE-2023-27126 |
LAST UPDATE DATE
2025-01-08T23:07:34.414000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-27126 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-404 | date: | 2023-06-13T00:00:00 |
| db: | NVD | id: | CVE-2023-27126 | date: | 2025-01-08T16:15:27.993 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-27126 | date: | 2023-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-404 | date: | 2023-06-06T00:00:00 |
| db: | NVD | id: | CVE-2023-27126 | date: | 2023-06-06T18:15:10.343 |