cbcvebase.
CVE-2010-4232
published 2010-11-17

CVE-2010-4232: The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote…

PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
4.26%
89.8th percentile
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.

Affected

2 ranges
VendorProductVersion rangeFixed in
camtroncmnc-200_firmware
tecvozcmnc-200_firmware

Detection & IOCsextracted from sources · hover to see the quote

url//system.html
  • Authentication bypass on Camtron/TecVoz CMNC-200 IP Camera admin interface triggered by prefixing any URI with double forward slash (//) — monitor HTTP requests where the URI path begins with '//' targeting the device's web interface
  • Specifically watch for requests to //system.html on CMNC-200 devices as a proof-of-concept exploitation path for full administrative access
  • ·Vulnerability is confirmed only on firmware version 1.102A-008 for both Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera; detections should be scoped to devices running this firmware
  • ·No patch exists for this vulnerability; detection/mitigation relies entirely on network-level controls
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.