Hello there. Today I would like to share with you my first CVE, which corresponds to a command injection vulnerability found a couple months ago in the TP-Link Tapo c200 camera, that allows an attacker to take full control of the device with root privileges. It was assigned CVE-2021-4045 by the INCIBE, and you can check the official advisory here. The vulnerability affects all firmware versions prior to 1.1.16 Build 211209 Rel. 37726N, so if you own this model, I suggest you update it.
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
TP-Link TC65 Camara WiFi 3MP Outdoor : Electronics
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
Shan Keerthisinghe on LinkedIn: TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-4045-2021)
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
Exploitdb - TP-Link Tapo c200 1.1.15 - Remote Code Execution
Joşé Mąríą A. on LinkedIn: TP-Link Tapo c200 Camera Unauthenticated RCE (CVE -4045-2021)
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko
TAPOC210 by TP-LINK (Factory New) Motion Detection and Notifications When you are away home, there are always something you care about. This is where the smart camera functions. No matter your child is climbing the kitchen cabinet, or the pet is stealing snacks, Tapo C210 helps you stay with them anytime, anywhere. Receive a notification whenever your camera detects motion and see a video clip of this motion to check everything.
TP-Link cm Tapo C210 2K Pan Tilt Home Security Wi-Fi Camera 3MP Retail
TP-Link Home Security Wi-Fi Camera Tapo C100
Hacking into Wi-Fi Camera TP-Link Tapo C200 (CVE-2021–4045), by LeoX
Findings / Shell access · nervous-inhuman tplink-tapo-c200-re · Discussion #6 · GitHub
TP-Link Tapo C212 2K Pan/Tilt Home Security Wi-Fi Camera – ACE Peripherals
TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045) - hacefresko