CVE-2023-30351

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PRA.md	Third Party Advisory
https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RRA.md	Third Party Advisory
https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PRA.md	Third Party Advisory
https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RRA.md	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:cp3_firmware:11.10.00.2211041355:*:*:*:*:*:*:*

cpe:2.3:h:tenda:cp3:-:*:*:*:*:*:*:*

History

27 Jan 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-798

Information

Published : 2023-05-10 16:15

Updated : 2025-01-27 20:15

NVD link : CVE-2023-30351

Mitre link : CVE-2023-30351

CVE.ORG link : CVE-2023-30351

JSON object : View

Products Affected

tenda

cp3_firmware
cp3

CWE

CWE-326

Inadequate Encryption Strength

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2023-30351", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-05-10T16:15:11.497", "references": [{"url": "https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PRA.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RRA.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PRA.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RRA.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials."}], "lastModified": "2025-01-27T20:15:30.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:cp3_firmware:11.10.00.2211041355:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B848FCE-2775-4757-A673-7788061B36BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:cp3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16FD7FFD-98DF-46EC-B95C-7B12C172453C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}