TP-LINK NC250 UP TO 1.2.1 BUILD 170515 URL WEAK AUTHENTICATION

A vulnerability classified as critical was found in TP-LINK NC250 up to 1.2.1 Build 170515. This vulnerability affects an unknown function of the component URL Handler. The manipulation with the input value rtsp://admin@yourip:554/h264_hd.sdp leads to a weak authentication vulnerability. The CWE definition for the vulnerability is CWE-287. As an impact it is known to affect confidentiality.

The weakness was presented 07/02/2017. This vulnerability was named CVE-2017-10796 since 07/02/2017. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/03/2017).

It is possible to mitigate the weakness by firewalling .

CVSSv3

VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:W/RC:X
VulDB Reliability: High

CVSSv2

Vector	Complexity	Authentication	Confidentiality	Integrity	Availability
Local	High	Multiple	None	None	None
Adjacent	Medium	Single	Partial	Partial	Partial
Network	Low	None	Complete	Complete	Complete

VulDB Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
VulDB Temp Score: 4.1 (CVSS2#E:ND/RL:W/RC:ND)
VulDB Reliability: High


CPE

• cpe:/a:tp-link:nc250:1.2.1_build_170515

Exploiting

Class: Weak authentication (CWE-287)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation: 

0-Day	$0-$5k	$5k-$25k	$25k-$100k	$100k-$500k
Today	$0-$5k	$5k-$25k	$25k-$100k	$100k-$500k

Countermeasures

Recommended: Firewall
Status: Workaround
0-Day Time: 0 days since found

Timeline

07/02/2017   Advisory disclosed
07/02/2017  +0 days CVE assigned
07/03/2017  +1 days VulDB entry created
07/03/2017  +0 days VulDB last update

Sources

CVE: CVE-2017-10796 (mitre.org) (nvd.nist.org) (cvedetails.com)