CVE-2010-4233

Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Default Credentials Exposure via TELNET

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4233. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This is a writeup detailing undocumented default accounts on the CMNC-200 IP Camera's Linux OS, allowing unauthorized telnet access. It provides credentials for root and mg3500 accounts.

Description

The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trustwave's SpiderLabs · textwebappshardware

https://www.exploit-db.com/exploits/15507

View Code ZIP pw:eip

This is a writeup detailing undocumented default accounts on the CMNC-200 IP Camera's Linux OS, allowing unauthorized telnet access. It provides credentials for root and mg3500 accounts.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CMNC-200 IP Camera

No auth needed

Prerequisites: network access to the device · telnet service enabled

MITRE ATT&CK

T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/514753/100/0/threaded

Exploit x_refsource_misc

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15507

Scores

EPSS 0.0962

EPSS Percentile 94.9%

Details

CWE

CWE-255

Status published

Products (4)

camtron/cmnc-200

camtron/cmnc-200_firmware 1.102a-008

tecvoz/cmnc-200

tecvoz/cmnc-200_firmware 1.102a-008

Published Nov 17, 2010

Tracked Since Feb 18, 2026