On December 11th, 2022, FortiGuard Labs observed a significant spike in IPS signature "TP-Link.Tapo.C200.IP.Camera.Command.Injection". The IPS signature is for CVE-2021-4045 and detects an attack to exploit a Command Injection vulnerability in TP-Link Tapo C200 IP Camera. Successful exploitation of the vulnerability allows remote attackers to gain control of vulnerable devices.
Why is this Significant?
This is significant due to the detection spike in our IPS signature, which indicates attackers are attempting to exploit TP-Link Tapo C200 IP Camera devices vulnerable to CVE-2021-4045.
Also, proof-of-concept (PoC) code for CVE-2021-4045 is readily available. As such, firmware updates need to be applied to the vulnerable devices as soon as possible.
What is CVE-2021-4045?
CVE-2021-4045 is a Command Injection vulnerability in TP-Link Tapo C200 IP Camera. Successful exploitation of the vulnerability allows remote attackers to gain control of vulnerable devices. CVE-2021-4045 impacts Tapo C200 version 1.15 and below and has a CVSS score of 9.8.
How Widespread is the Attack?
Based on the telemetry collected by FortiGuard Labs last 24 hours, 24.55% of the detected exploit attempts came from unidentified countries, followed by Japan (22.48%) and the United States (13.95%).
Top 10 Countries where "TP-Link.Tapo.C200.IP.Camera.Command.Injection" was Detected last 24 hours
Has the Vendor Released a Patch for CVE-2021-4045?
Yes, the vendor released firmware with a fix.