Headline

CVE-2023-30351: ACES/tmp_PRA.md at master · SECloudUNIMORE/ACES

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.

1 year ago

CVE

Open in Source

#vulnerability #web #hard_coded_credentials #ssh #telnet

Permalink

Cannot retrieve contributors at this time

Tenda CP3 Physical Bootloader Access****CVE Number

TBA

Summary

It is possible to access a root shell of the Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 by exploiting physical access via UART serial interface.

Tested Versions

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355

Product URLs

Vendor Website

CVSSv3 Score

TBA

CWE

CWE-328: Use of Weak Hash
CWE-798: Use of Hard-coded Credentials

Details

After extracting the shadow file of the Squashfs found in the Tenda CP3 IP Camera flash, it is possible to reverse the hash of the password that can be used to access the root shell via UART serial interface at the end of the boot process.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago