Vulnerabilities > CVE-2010-4233 - Credentials Management vulnerability in multiple products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
camtron
tecvoz
CWE-255
critical
nessus
exploit available
NVD
Published: 2010-11-17
Updated: 2018-10-10

Summary

The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.

Vulnerable Configurations

Part Description Count
Application
Camtron
1
Application
Tecvoz
1
Hardware
Camtron
1
Hardware
Tecvoz
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionCamtron CMNC-200 IP Camera Undocumented Default Accounts. CVE-2010-4233. Webapps exploit for hardware platform
fileexploits/hardware/webapps/15507.txt
idEDB-ID:15507
last seen2016-02-01
modified2010-11-13
platformhardware
port
published2010-11-13
reporterTrustwave's SpiderLabs
sourcehttps://www.exploit-db.com/download/15507/
titleCamtron CMNC-200 IP Camera Undocumented Default Accounts
typewebapps

Nessus

  • NASL familyDefault Unix Accounts
    NASL idACCOUNT_ROOT_M.NASL
    descriptionThe account
    last seen2020-06-01
    modified2020-06-02
    plugin id50601
    published2010-11-15
    reporterThis script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50601
    titleDefault Password (m) for 'root' Account
  • NASL familyDefault Unix Accounts
    NASL idACCOUNT_MG3500_MERLIN.NASL
    descriptionThe account
    last seen2020-06-01
    modified2020-06-02
    plugin id50602
    published2010-11-15
    reporterThis script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50602
    titleDefault Password (merlin) for 'mg3500' Account

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/95794/TWSL2010-006.txt
idPACKETSTORM:95794
last seen2016-12-05
published2010-11-12
reporterTrustwave
sourcehttps://packetstormsecurity.com/files/95794/Camtron-CMNC-200-IP-Camera-Traversal-Overflow-Bypass-Denial-Of-Service.html
titleCamtron CMNC-200 IP Camera Traversal / Overflow / Bypass / Denial Of Service

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:70206
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-70206
titleCamtron CMNC-200 IP Camera Undocumented Default Accounts

References