Cyber Resilience

CVE-2024-48288

HighPublic PoC

Published: 21 November 2024

Published
21 November 2024
Modified
15 August 2025
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1502 94.7th percentile
Risk Priority 25 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48288 is a high-severity Command Injection (CWE-77) vulnerability in Tp-Link Tl-Ipc42C Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

TP-Link TL-IPC42C V4.0_20211227_1.0.16 contains a command-injection vulnerability (CWE-77) that stems from missing validation of untrusted input on both the web frontend and backend. The flaw is rated CVSS 8.0 and permits an attacker to execute arbitrary operating-system commands on the affected camera firmware.

An attacker with network adjacency and a valid low-privileged account can supply crafted input that bypasses the missing checks, resulting in full control over the device and the ability to read, modify, or delete data as well as disrupt availability. No authentication beyond the local network login is required, and the attack does not depend on user interaction.

Public proof-of-concept code demonstrating remote code execution against this model has been published, yet no vendor advisory, firmware update, or mitigation guidance appears among the referenced sources. The associated EPSS score has remained steady at 0.1502 with no material increase since disclosure.

EU & UK References

Vulnerability details

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Command injection vulnerability in TP-Link IP camera web interface (public-facing application) enables remote exploitation (T1190) for arbitrary command execution (T1059).

Affected Assets

tp-link
tl-ipc42c firmware
20211227_1.0.16

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References