What is CVE-2021-4045?

CVE-2021-4045 is a critical-severity vulnerability in Tp-link Tapo C200, classified under Command Injection. CVSS score: 9.8/10. Published 2022-03-07.

How severe is CVE-2021-4045?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2021-4045 known to be exploited?

50 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Tp-link Tapo C200

CVE-2021-4045

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.910 (99.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tp-link Tapo C200 — versions 1.15

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

References

www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remot… (x_refsource_CONFIRM)
packetstormsecurity.com/files/168472/TP-Link-Tapo-c200-1.1.15-Remote-Code-Execu… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-4045?: CVE-2021-4045 is a critical-severity vulnerability in Tp-link Tapo C200, classified under Command Injection. CVSS score: 9.8/10. Published 2022-03-07.
How severe is CVE-2021-4045?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2021-4045 known to be exploited?: 50 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.