CVE-2023-27126

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

Related Vulnerabilities

CVE-2017-2751

MEDIUM
CVSS:4.6(Medium)

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. T...

CWE-5222017

CVE-2019-4723

MEDIUM
CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172...

CWE-5222019

CVE-2019-4724

MEDIUM
CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

CWE-5222019

CVE-2020-12309

MEDIUM
CVSS:4.6(Medium)

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via phys...

CWE-5222020

CVE-2020-16097

MEDIUM
CVSS:4.6(Medium)

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed...

CWE-5222020

CVE-2021-27941

MEDIUM
CVSS:4.6(Medium)

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically pr...

CWE-5222021