CVE-2023-30351

HIGH

Tenda CP3 Firmware V11.10.00.2211041355 - Hard-Coded Root Password with Weak Encryption

Title source: llm

Description

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PRA.md

View Writeup ZIP pw:eip

Third Party Advisory

https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RRA.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-326 CWE-798

Status published

Products (1)

tenda/cp3_firmware 11.10.00.2211041355

Published May 10, 2023

Tracked Since Feb 18, 2026