Summaryinfo

A vulnerability was found in TP-Link TC70 and C200 1.3.4 and classified as problematic. Affected by this issue is some unknown functionality of the component UART. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-49515. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability has been found in TP-Link TC70 and C200 1.3.4 and classified as problematic. Affected by this vulnerability is an unknown code block of the component UART. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. The summary by CVE is:

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

The weakness was disclosed 01/17/2024. It is possible to read the advisory at github.com. This vulnerability is known as CVE-2023-49515 since 11/27/2023. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

Upgrading to version 1.3.11 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• TP-Link

Name

• C200
• TC70

Version

• 1.3.4

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion