What is CVE-2020-12109?

CVE-2020-12109 is a vulnerability in N/a. Published 2020-05-04.

Is CVE-2020-12109 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-12109

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build…

EPSS: 0.816 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
HimmelAward/Goby_
Live-Hack-CVE/CVE-2020-12109
NyxAzrael/Goby_
Z0fhack/Goby_

References

www.tp-link.com/us/security (x_refsource_MISC)
seclists.org/fulldisclosure/2020/May/2 (x_refsource_MISC)
packetstormsecurity.com/files/157531/TP-LINK-Cloud-Cameras-NCXXX-Bonjour-Comman… (x_refsource_MISC)
packetstormsecurity.com/files/159222/TP-Link-Cloud-Cameras-NCXXX-Bonjour-Comman… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-12109?: CVE-2020-12109 is a vulnerability in N/a. Published 2020-05-04.
Is CVE-2020-12109 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.