Full title: TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability 
Category: web applications
Platform: hardware
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config backup file. The algorithm in use is DES ECB with modified s-boxes and permutation tables.

# 0day.today @ http://0day.today/