PT-2023-22647 · Shenzen Tenda Technology · Tenda Ip Camera Cp3

Published

2023-05-10

Updated

2025-01-27

CVE-2023-30351

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Shenzen Tenda Technology IP Camera CP3 version 11.10.00.2211041355

Description The issue is related to a hard-coded default password for the root user, which is stored using weak encryption. This allows attackers to connect to the TELNET service or UART by using the exposed credentials.

Recommendations For version 11.10.00.2211041355, consider changing the default password for the root user to a strong, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the TELNET service and UART to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-326

Related Identifiers

CVE-2023-30351

Affected Products

Tenda Ip Camera Cp3

PT-2023-22647 · Shenzen Tenda Technology · Tenda Ip Camera Cp3

CVE-2023-30351

Weakness Enumeration

Related Identifiers

Affected Products

References · 6