cbcvebase.
CVE-2010-4233
published 2010-11-17

CVE-2010-4233: The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m…

PriorityP268critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
9.62%
94.9th percentile
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.

Affected

2 ranges
VendorProductVersion rangeFixed in
camtroncmnc-200_firmware
tecvozcmnc-200_firmware

Detection & IOCsextracted from sources · hover to see the quote

otherroot:m
othermg3500:merlin
port23 (TELNET)
  • Monitor for Telnet (TCP/23) authentication attempts using the credentials root/m or mg3500/merlin against Camtron CMNC-200 / TecVoz CMNC-200 IP camera devices.
  • The Telnet interface on affected devices cannot be disabled, making any Telnet session to these camera IPs inherently suspicious and worth alerting on.
  • ·Affected firmware version is 1.102A-008; verify firmware version on all CMNC-200 devices before assuming exposure.
  • ·No patch exists for this issue; mitigation relies entirely on network-level controls (ACLs, segmentation).
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.