Weak Encryption in Shenzen Tenda Technology IP Camera Leads to Default Password Vulnerability
CVE-2023-30351

7.5HIGH

Key Information:

Vendor: Tenda
Status: Cp3 Firmware
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-30351?

The Shenzen Tenda Technology CP3 IP camera has been identified to possess a significant authentication issue due to a hard-coded default password for the root user. This password is stored using weak encryption, making it susceptible to unauthorized access. Attackers can exploit this vulnerability to connect to the TELNET service or UART, potentially leading to a breach of sensitive information and control over the device. Users are advised to change default credentials and implement stronger security measures to safeguard their devices.

References

https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 7, 2023