CVE-2024-13893

Shared credentials in Smartwares cameras

Severity Score (CVSS v4): 7.5
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): Track*

Descriptions

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory.
For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created on it. Two products were tested, but since the vendor has not replied to reports, the patching status remains unknown, as do the groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well.

*Credits: Michał Majchrowicz (Afine Team), Marcin Wyczechowski (Afine Team)
CVSS Scores

Attack Vector: Local
Attack Complexity: High
Attack Requirements: Present
Privileges Required: None
User Interaction: None
System: Vulnerable | Subsequent
Confidentiality: High | None
Integrity: High | None
Availability: High | None

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Local
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Complete
Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
Exploitation: None
Automatable: No
Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2025-02-20 CVE Reserved
  • 2025-03-06 CVE Published
  • 2025-03-06 CVE Updated
  • 2025-03-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-1392: Use of Default Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Smartwares | CIP-37210AT | <= 3.3.0 | en | Affected
Smartwares | C724IP | <= 3.3.0 | en | Affected