CVE-2010-4233
published 2010-11-17CVE-2010-4233: The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m…
PriorityP268critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
9.62%
94.9th percentile
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camtron | cmnc-200_firmware | — | — |
| tecvoz | cmnc-200_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for Telnet (TCP/23) authentication attempts using the credentials root/m or mg3500/merlin against Camtron CMNC-200 / TecVoz CMNC-200 IP camera devices. ↗
- →The Telnet interface on affected devices cannot be disabled, making any Telnet session to these camera IPs inherently suspicious and worth alerting on. ↗
- ·Affected firmware version is 1.102A-008; verify firmware version on all CMNC-200 devices before assuming exposure. ↗
- ·No patch exists for this issue; mitigation relies entirely on network-level controls (ACLs, segmentation). ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/15507http://www.securityfocus.com/archive/1/514753/100/0/threadedhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txthttp://www.exploit-db.com/exploits/15507http://www.securityfocus.com/archive/1/514753/100/0/threadedhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
2010-11-17
Published