Vulnerabilities > CVE-2010-4233 - Credentials Management vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| Hardware | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Camtron CMNC-200 IP Camera Undocumented Default Accounts. CVE-2010-4233. Webapps exploit for hardware platform |
| file | exploits/hardware/webapps/15507.txt |
| id | EDB-ID:15507 |
| last seen | 2016-02-01 |
| modified | 2010-11-13 |
| platform | hardware |
| port | |
| published | 2010-11-13 |
| reporter | Trustwave's SpiderLabs |
| source | https://www.exploit-db.com/download/15507/ |
| title | Camtron CMNC-200 IP Camera Undocumented Default Accounts |
| type | webapps |
Nessus
NASL family Default Unix Accounts NASL id ACCOUNT_ROOT_M.NASL description The account last seen 2020-06-01 modified 2020-06-02 plugin id 50601 published 2010-11-15 reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50601 title Default Password (m) for 'root' Account NASL family Default Unix Accounts NASL id ACCOUNT_MG3500_MERLIN.NASL description The account last seen 2020-06-01 modified 2020-06-02 plugin id 50602 published 2010-11-15 reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50602 title Default Password (merlin) for 'mg3500' Account
Packetstorm
| data source | https://packetstormsecurity.com/files/download/95794/TWSL2010-006.txt |
| id | PACKETSTORM:95794 |
| last seen | 2016-12-05 |
| published | 2010-11-12 |
| reporter | Trustwave |
| source | https://packetstormsecurity.com/files/95794/Camtron-CMNC-200-IP-Camera-Traversal-Overflow-Bypass-Denial-Of-Service.html |
| title | Camtron CMNC-200 IP Camera Traversal / Overflow / Bypass / Denial Of Service |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:70206 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-70206 |
| title | Camtron CMNC-200 IP Camera Undocumented Default Accounts |
References
- http://www.exploit-db.com/exploits/15507
- http://www.exploit-db.com/exploits/15507
- http://www.securityfocus.com/archive/1/514753/100/0/threaded
- http://www.securityfocus.com/archive/1/514753/100/0/threaded
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt