CVE-2023-30146

7.5 HIGH

📋 TL;DR

This vulnerability in Assmann Digitus Plug&View IP Camera HT-IP211HDP allows unauthenticated attackers to download the camera's configuration file, which contains administrator credentials. Any camera running the affected version that is reachable over the network is exposed to credential theft and unauthorized access.

💻 Affected Systems

Products:
  • Assmann Digitus Plug&View IP Camera HT-IP211HDP
Versions: 2.000.022
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All cameras running this firmware version are vulnerable by default when network-accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control of the camera, enabling them to view live feeds, modify settings, disable security features, or use the camera as an entry point into the network.

🟠 Likely Case

Attackers steal administrator credentials and access the camera's video feed and settings, potentially compromising privacy and security.

🟢 If Mitigated

With proper network segmentation and access controls, attackers cannot reach the vulnerable interface, preventing credential theft.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a simple HTTP request to a specific endpoint; no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

Check vendor website for firmware updates; if unavailable, implement workarounds.

🔧 Temporary Workarounds

Network Segmentation

all

Place cameras on an isolated VLAN with no internet access and restrict access to the management interface.

Firewall Rules

all

Block external access to camera management ports (typically 80, 443, 554).

🧯 If You Can't Patch

  • Isolate cameras from the internet and restrict internal access to trusted IPs only.
  • Change default credentials and monitor for unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to the camera's IP address at the endpoint /cgi-bin/ExportSettings.sh; if the configuration file downloads without authentication, the device is vulnerable.

Check Version:

Check camera web interface or documentation for firmware version; typically displayed in settings.

Verify Fix Applied:

After applying workarounds, verify the endpoint is inaccessible from untrusted networks.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /cgi-bin/ExportSettings.sh from unauthorized IPs
  • Multiple failed login attempts after credential exposure

Network Indicators:

  • Unusual outbound traffic from camera
  • HTTP requests to suspicious endpoints

SIEM Query:

dest_ip="camera_ip" AND http_uri="/cgi-bin/ExportSettings.sh"
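
An added example (not part of the original advisory or any vendor tooling): a log filter for the first log indicator above, separating requests that were probably served from those that were refused. The log layout, camera inventory, trusted subnet and sample lines are constructed assumptions; adapt them to your own proxy or firewall log format.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

EXPORT_PATH = "/cgi-bin/exportsettings.sh"  # endpoint named in this advisory, lowercased
CAMERA_IPS = {"192.0.2.10"}                  # assumption: your camera inventory
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: management subnet

# Assumed log layout: "<timestamp> <src_ip> <dst_ip> <method> <uri> <status> <bytes>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")

SAMPLE_LOG = """\
2023-05-01T10:00:01Z 10.20.0.5 192.0.2.10 GET /cgi-bin/ExportSettings.sh 200 4096
2023-05-01T10:02:13Z 203.0.113.7 192.0.2.10 GET /cgi-bin/ExportSettings.sh 200 4096
2023-05-01T10:02:40Z 203.0.113.7 192.0.2.10 GET /cgi-bin/ExportSettings.sh?x=1 200 4096
2023-05-01T10:03:02Z 198.51.100.9 192.0.2.10 GET /cgi-bin/ExportSettings.sh 401 0
2023-05-01T10:04:00Z 203.0.113.7 192.0.2.10 GET /index.html 200 512
2023-05-01T10:05:00Z 203.0.113.7 192.0.2.99 GET /cgi-bin/ExportSettings.sh 200 4096
"""  # constructed sample lines using documentation address ranges

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
    except ValueError:
        return False  # unparsable source address: treat as untrusted

def normalize_path(uri):
    """Drop the query string, percent-decode and lowercase so variants still match."""
    return unquote(urlsplit(uri).path).lower()

def find_export_requests(log_text):
    """Return alerts for export-endpoint requests to cameras from untrusted sources."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts, src, dst, method, uri, status, size = m.groups()
        if dst not in CAMERA_IPS or normalize_path(uri) != EXPORT_PATH or is_trusted(src):
            continue
        # A 200 with a body means the configuration file was probably served.
        served = status == "200" and int(size) > 0
        alerts.append({"time": ts, "src": src, "dst": dst, "method": method,
                       "severity": "critical" if served else "probe"})
    return alerts

if __name__ == "__main__":
    for alert in find_export_requests(SAMPLE_LOG):
        print(alert)
```

Treat any "critical" hit as a credential exposure: rotate the camera's administrator password and review later logins from that source.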
