TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-2021-4045)

17 minute read


Hello there. Today I would like to share with you my first CVE: a command injection vulnerability, found a couple of months ago in the TP-Link Tapo c200 camera, that allows an attacker to take full control of the device with root privileges. It was assigned CVE-2021-4045 by INCIBE, and you can check the official advisory here. The vulnerability affects all firmware versions prior to...

LiquidJS SSTI to Arbitrary File Read

6 minute read


Hello there. I have been thinking about starting a cybersecurity blog for the last few months, in order to share my learning process and my experiences as a beginner in this field and to contribute to the community. I have finally decided to do it, and I thought it would be great to start by writing about my first bug bounty, which I earned a couple of months ago. Since the...