CVE-2023-30146

HIGH

Assmann HT-IP211HDP Firmware 2.000.022 - Unauthenticated Cleartext Storage of Sensitive Information

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30146. PoCs published by L1-0.

AI-analyzed exploit summary This PoC exploits an information disclosure vulnerability in HooToo/Assmann webcams by querying multiple CGI endpoints to retrieve sensitive data such as user credentials, network configurations, and WiFi details. The script automates the extraction of this information without requiring authentication.

Description

Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.

Exploits (1)

nomisec WORKING POC 2 stars
by L1-0 · poc
https://github.com/L1-0/CVE-2023-30146

This PoC exploits an information disclosure vulnerability in HooToo/Assmann webcams by querying multiple CGI endpoints to retrieve sensitive data such as user credentials, network configurations, and WiFi details. The script automates the extraction of this information without requiring authentication.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: HooToo/Assmann HT-IP211HDP, version 2.000.022
No auth needed
Prerequisites: Network access to the vulnerable webcam
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 7.5
EPSS 0.0065
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (1)
assmann/ht-ip211hdp_firmware 2.000.022
Published Aug 04, 2023
Tracked Since Feb 18, 2026