1 Min Read
CVE-2023-35717
Originally published May 6, 2024.
Protect and safeguard your OT network and operations with the industry's most advanced, most capable cybersecurity platform.
Learn MoreDiscover and visualize every asset and every network connection in your OT environment.
Segment your network and enforce granular policies for true Zero Trust cybersecurity.
Identify unexpected or unauthorized activity, from Level 0 signals to cloud connections.
Monitor physical process signals to detect threats and prevent system damage.
With advanced technology and an expert team, Mission Secure helps organizations meet their most pressing OT security challenges.
Keep your organization secure against cyber threats and take control of your OT network.
View All IndustriesFind helpful OT and ICS cybersecurity resources, guides, and downloads.
View All ResourcesOur team of world-class OT, IT, and cybersecurity experts are setting the standard in OT cyber-protection.
Learn MoreWritten by Mission Secure
CVE-2023-35717 vulnerability in TP-Link Tapo C210 IP cameras enables attackers, particularly those in network proximity, to bypass authentication without needing valid credentials. This flaw, centered around the password recovery mechanism, poses a significant risk to OT environments reliant on these cameras for security surveillance, potentially allowing unauthorized access and compromising sensitive areas or processes.
From the CVE database:
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon the secrecy of the password derivation algorithm when generating a recovery password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20484.
https://www.cve.org/CVERecord?id=CVE-2023-35717
Originally published May 6, 2024.