CVE-2010-4232

Camtron CMNC-200 Firmware 1.102A-008 - Unauthenticated Authentication Bypass via Double Slash URI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4232. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in the CMNC-200 IP Camera's web interface. By adding an extra forward slash after the hostname, an attacker can bypass authentication and gain full control of the device.

Description

The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · textwebappshardware
https://www.exploit-db.com/exploits/15506

The exploit describes an authentication bypass vulnerability in the CMNC-200 IP Camera's web interface. By adding an extra forward slash after the hostname, an attacker can bypass authentication and gain full control of the device.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: CMNC-200 IP Camera
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514753/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15506

Scores

EPSS 0.0426
EPSS Percentile 89.8%

Details

CWE
CWE-287
Status published
Products (4)
camtron/cmnc-200
camtron/cmnc-200_firmware 1.102a-008
tecvoz/cmnc-200
tecvoz/cmnc-200_firmware 1.102a-008
Published Nov 17, 2010
Tracked Since Feb 18, 2026