CVE-2010-4232
Published 2010-11-17
Priority: P2, 60
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.26% (89.8th percentile)
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camtron | cmnc-200_firmware | — | — |
| tecvoz | cmnc-200_firmware | — | — |
Detection & IOCs
- The authentication bypass on the Camtron/TecVoz CMNC-200 IP Camera admin interface is triggered by prefixing any URI with a double forward slash (//). Monitor HTTP requests to the device's web interface where the URI path begins with '//'.
- Specifically watch for requests to //system.html on CMNC-200 devices, the proof-of-concept exploitation path for full administrative access.
- The vulnerability is confirmed only on firmware version 1.102A-008 for both the Camtron CMNC-200 Full HD IP Camera and the TecVoz CMNC-200 Megapixel IP Camera; detections should be scoped to devices running this firmware.
- No patch exists for this vulnerability; detection and mitigation rely entirely on network-level controls.
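The monitoring described in the list above can be run over proxy or sensor logs. The following is an added example, not part of the original entry or any vendor tooling; the log layout, the camera address inventory and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: inventory of CMNC-200 units on firmware 1.102A-008 (constructed addresses).
CAMERAS = {"192.0.2.10", "192.0.2.11"}

# Assumed log layout (constructed): dest client - - [time] "METHOD target HTTP/x" status size
LINE_RE = re.compile(
    r'^(?P<dest>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+$'
)

def request_path(target):
    """Return the request path exactly as sent, without normalising it."""
    if target.startswith("/"):
        # Origin-form: do not pass to urlsplit(), which reads "//system.html"
        # as a network location and returns an empty path.
        return target.split("?", 1)[0]
    return urlsplit(target).path  # absolute-form, as logged by forward proxies

def scan(lines, cameras=CAMERAS):
    """Return one finding per request to a listed camera whose path starts with //."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dest"] not in cameras:
            continue
        path = request_path(m["target"])
        if path.startswith("//"):
            findings.append({
                "client": m["client"], "dest": m["dest"], "path": path,
                "status": int(m["status"]),
                "poc_path": path.lower() == "//system.html",
            })
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 198.51.100.7 - - [17/Nov/2010:10:01:02 +0000] "GET /system.html HTTP/1.1" 401 512
192.0.2.10 198.51.100.7 - - [17/Nov/2010:10:01:09 +0000] "GET //system.html HTTP/1.1" 200 8341
192.0.2.11 198.51.100.9 - - [17/Nov/2010:10:03:44 +0000] "GET http://192.0.2.11//system.html?x=1 HTTP/1.1" 200 8341
192.0.2.11 203.0.113.5 - - [17/Nov/2010:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1200
192.0.2.50 203.0.113.5 - - [17/Nov/2010:10:06:00 +0000] "GET //index.html HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Any normalising layer in front of the log source (a proxy that collapses duplicate slashes, for example) would hide the leading // from this check, so it should read logs taken before normalisation.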
No detection rules found.
No writeups or analysis indexed.
- http://www.exploit-db.com/exploits/15506
- http://www.securityfocus.com/archive/1/514753/100/0/threaded
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
Published: 2010-11-17