Lucene search

K
cveMitreCVE-2023-30354
HistoryMay 10, 2023 - 4:15 p.m.

CVE-2023-30354

2023-05-1016:15:12
CWE-319
mitre
web.nvd.nist.gov
22
shenzen tenda
ip camera
cp3
u-boot
vulnerability
wi-fi password
hardcoded boot password
nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

55.3%

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.

Affected configurations

Nvd
Node
tendacp3_firmwareMatch11.10.00.2211041355
AND
tendacp3Match-
VendorProductVersionCPE
tendacp3_firmware11.10.00.2211041355cpe:/o:tenda:cp3_firmware:11.10.00.2211041355:::

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

55.3%

Related for CVE-2023-30354