cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41184,https://securityvulnerability.io/vulnerability/CVE-2023-41184,TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability,"The TP-Link Tapo C210 IP camera contains a significant stack-based buffer overflow vulnerability within its ActiveCells parameter handling in the CreateRules and ModifyRules APIs. This flaw arises from inadequate validation of user-supplied data lengths, which may allow an attacker to exploit the vulnerability by executing arbitrary code on affected devices. Although an authentication step is required, the effectiveness of existing mechanisms can be compromised, enabling attackers to perform code execution in the context of root privileges. As a result, users are prompted to ensure that their devices are adequately secured against potential exploitation. Detailed advisory can be found on the Zero Day Initiative's website.",Tp-link,Tapo C210,6.8,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:11:45.362Z,0
CVE-2023-35717,https://securityvulnerability.io/vulnerability/CVE-2023-35717,TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability,"The TP-Link Tapo C210 IP camera has a vulnerability within its password recovery process that enables network-adjacent attackers to bypass authentication. This flaw stems from an over-reliance on the secrecy of the password derivation algorithm utilized in generating recovery passwords. As a result, the lack of proper authentication measures allows unauthorized users to access the system, raising significant concerns regarding the security of installations relying on this product. It is essential for users to be aware of this vulnerability and take appropriate measures to secure their devices.",Tp-link,Tapo C210,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T01:57:38.702Z,0