CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30353
https://notcve.org/view.php?id=CVE-2023-30353
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. • https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_uRCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30352
https://notcve.org/view.php?id=CVE-2023-30352
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. • https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_RTSPa.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30354
https://notcve.org/view.php?id=CVE-2023-30354
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. • https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_NCD.md https://github.com/SECloudUNIMORE/ACES/blob/master/Tenda/CP3/tmp_PBA.md • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-30135
https://notcve.org/view.php?id=CVE-2023-30135
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. • https://github.com/DrizzlingSun/Tenda/blob/main/AC18/8/8.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 1CVE-2023-29681
https://notcve.org/view.php?id=CVE-2023-29681
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. • https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc62 https://www.youtube.com/watch?v=Xy9_hmpvvA4&ab_channel=0ta • CWE-319: Cleartext Transmission of Sensitive Information •