Vulnerabilities > CVE-2023-49515 - Unspecified vulnerability in Tp-Link Tapo C200 Firmware and Tapo Tc70 Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

tp-link

NVD

Published: 2024-01-17

Updated: 2024-07-03

Summary

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

Vulnerable Configurations

Part	Description	Count
OS	Tp-Link TP Link Tapo C200 Firmware 1.1.22 TP Link Tapo C200 Firmware 1.3.4 TP Link Tapo C200 Firmware 1.3.9 TP Link Tapo Tc70 Firmware 1.1.22 TP Link Tapo Tc70 Firmware 1.3.4 TP Link Tapo Tc70 Firmware 1.3.9	6
Hardware	Tp-Link TP Link Tapo C200 3 TP Link Tapo Tc70 3.0	2

References

https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART/tree/master
https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART