CVE-2023-30354: ACES/tmp_PBA.md at master · SECloudUNIMORE/ACES
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be entered for console access.
Tenda CP3 Physical Bootloader Access
CVE Number
TBA
Summary
It is possible to access the bootloader of the Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 through physical access to its UART serial interface.
Tested Versions
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355
Product URLs
Vendor Website
CVSSv3 Score
TBA
CWE
- CWE-798: Use of Hard-coded Credentials
Details
By interrupting the U-Boot boot process over the UART and entering the boot password (found hardcoded in the camera's firmware image), it is possible to obtain root access to the U-Boot console.
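For teams auditing their own firmware builds for this class of issue (CWE-798 in the bootloader), the following added example, which is not part of the original advisory, parses a U-Boot environment blob and flags settings that allow autoboot to be aborted with a plaintext stop string. It assumes mainline U-Boot's keyed-autoboot variables (bootstopkey, bootdelaykey, bootstopkeysha256) and a non-redundant, little-endian environment; the advisory does not state how the CP3 stores its password, and the sample blobs, finding codes and helper names are constructed for illustration.

```python
import struct
import zlib

def parse_uboot_env(blob: bytes) -> dict:
    """Parse a non-redundant env: 4-byte CRC32 (little-endian assumed), then
    NUL-terminated key=value strings; an empty string ends the list."""
    if len(blob) < 5:
        raise ValueError("too short for a U-Boot environment")
    (stored_crc,) = struct.unpack_from("<I", blob, 0)
    data = blob[4:]
    if zlib.crc32(data) != stored_crc:
        raise ValueError("CRC mismatch: wrong offset, size or byte order")
    env = {}
    for entry in data.split(b"\x00"):
        if not entry:
            break  # end of the variable list; the rest is padding
        key, _, value = entry.partition(b"=")
        env[key.decode("ascii", "replace")] = value.decode("ascii", "replace")
    return env

def audit_console_access(env: dict) -> list:
    """Return finding codes (hypothetical names); secret values are never echoed."""
    findings = []
    delay = env.get("bootdelay")
    if delay is None:
        findings.append("BOOTDELAY_UNSET_CHECK_COMPILED_DEFAULT")
    elif int(delay) != -2:
        # -2 = autoboot without checking for abort; other values leave a path to the prompt
        findings.append("AUTOBOOT_ABORT_POSSIBLE")
    keys = ("bootstopkey", "bootstopkey2", "bootdelaykey", "bootdelaykey2")
    plaintext = [k for k in keys if k in env]
    if plaintext:
        # Stop string stored in clear: recoverable by anyone holding the image
        findings.append("PLAINTEXT_STOP_STRING:" + ",".join(plaintext))
    elif "bootstopkeysha256" not in env:
        findings.append("NO_STOP_STRING_IN_ENV")
    return findings

def make_env(pairs: dict, size: int = 256) -> bytes:
    """Build a constructed sample blob in the same layout (test data only)."""
    body = b"".join(f"{k}={v}".encode() + b"\x00" for k, v in pairs.items()) + b"\x00"
    body = body.ljust(size - 4, b"\xff")
    return struct.pack("<I", zlib.crc32(body)) + body

# Constructed samples; values are placeholders, not taken from any real device.
WEAK = make_env({"bootdelay": "3", "bootstopkey": "EXAMPLE-PLACEHOLDER"})
HARDENED = make_env({"bootdelay": "-2", "bootstopkeysha256": "0" * 64})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_console_access(parse_uboot_env(blob)))
```

A stop string compiled into the U-Boot binary rather than stored in the environment is outside what this check sees, and a hashed stop string that is identical across all units of a model remains a shared credential.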