CVE-2023-30351

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to gain root access to Tenda CP3 IP cameras via TELNET or UART using hard-coded default credentials with weak encryption. All users of affected camera models with default configurations are vulnerable. Attackers can fully compromise the device and potentially pivot to other network resources.

💻 Affected Systems

Products:
  • Tenda CP3 IP Camera
Versions: V11.10.00.2211041355 (specific firmware version mentioned in CVE)
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configuration are vulnerable. Requires TELNET or UART access enabled/available.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover leading to video surveillance compromise, network pivoting to other systems, installation of persistent malware, and use in botnets.

🟠 Likely Case

Unauthorized access to camera feeds, device configuration changes, and potential use as network foothold for further attacks.

🟢 If Mitigated

Limited to isolated camera compromise if network segmentation prevents lateral movement and cameras are not internet-facing.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet if TELNET is exposed, leading to immediate compromise. UART requires physical access to the device.
🏢 Internal Only: HIGH - Internal attackers or malware can easily exploit this to gain device control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple credential-based attack requiring only network access to the TELNET service or physical access to the UART interface. Public GitHub references contain technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

Check the Tenda website for firmware updates. If one is available, download the latest firmware and follow the vendor's update procedure for CP3 cameras.

🔧 Temporary Workarounds

Disable TELNET/UART services (platform: all)

Disable TELNET and UART access if not required for operations.

  • Check camera web interface for service settings
  • Disable TELNET/UART if options available

Change default credentials (platform: linux)

Change the root password to a strong, unique password.

  • passwd root (after gaining access via existing method)
  • Enter new strong password

🧯 If You Can't Patch

  • Network segmentation: Isolate cameras in separate VLAN with strict firewall rules
  • Disable external access: Ensure cameras are not accessible from internet

🔍 How to Verify

Check if Vulnerable:

Attempt TELNET connection to camera port 23 using default credentials. Check if UART access is physically available.

Check Version:

Check camera web interface or use command: cat /proc/version (if already accessed)

Verify Fix Applied:

Verify that TELNET/UART access is disabled or requires strong authentication. A login test with the default credentials should fail.

📡 Detection & Monitoring

Log Indicators:

  • Failed/successful TELNET authentication attempts
  • UART access logs if available
  • Root login events

Network Indicators:

  • TELNET connections to camera IPs
  • Unusual outbound traffic from cameras

SIEM Query:

source="camera_logs" AND (event="TELNET" OR event="root_login")
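
The network indicators above can be evaluated against flow logs. The following is an added example, not part of the original advisory: the camera subnet, the allow-listed recorder address and the flow-record layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): camera VLAN range, allow-listed
# destination (e.g. an NVR) and the flow-record layout are hypothetical.
CAMERA_NET = ipaddress.ip_network("192.0.2.0/28")
ALLOWED_DESTS = {ipaddress.ip_address("198.51.100.10")}
TELNET_PORT = 23

# Constructed sample flow records: "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 203.0.113.7 192.0.2.5 23 tcp
2024-01-01T10:00:05Z 192.0.2.5 198.51.100.10 554 tcp
2024-01-01T10:01:00Z 192.0.2.5 203.0.113.99 4444 tcp
2024-01-01T10:02:00Z 192.0.2.6 192.0.2.5 23 tcp
malformed line
2024-01-01T10:03:00Z 198.51.100.10 192.0.2.6 80 tcp
"""

def parse_flow(line):
    """Return (ts, src, dst, port, proto) or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto
    except ValueError:
        return None

def detect(flow_text):
    """Flag TELNET connections to cameras and camera egress to unknown hosts."""
    alerts = []
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed records instead of aborting the run
        ts, src, dst, port, proto = rec
        if dst in CAMERA_NET and port == TELNET_PORT and proto == "tcp":
            # Any TELNET session to a camera, including camera-to-camera
            alerts.append((ts, "telnet_to_camera", str(src), str(dst)))
        elif src in CAMERA_NET and dst not in CAMERA_NET and dst not in ALLOWED_DESTS:
            # Cameras should only talk to the allow-listed recorder
            alerts.append((ts, "unexpected_camera_egress", str(src), str(dst)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(*alert)
```
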
