VYPR
Unrated severity · NVD Advisory · Published Aug 4, 2023 · Updated Oct 17, 2024

CVE-2023-30146

Description

Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated attackers can download the backup file of Assmann Digitus Plug&View IP Camera HT-IP211HDP (v2.000.022) and extract plaintext administrator credentials.

Vulnerability

The vulnerability resides in the backup retrieval endpoint of the web interface on the Assmann Digitus Plug&View IP Camera HT-IP211HDP running firmware version 2.000.022. The camera writes a compressed binary file containing the current settings, including administrator credentials stored in plaintext. This backup can be downloaded without any authentication, exposing sensitive data. The issue is described in reference [1] and affects cameras based on the HiSilicon H35xx SoC, but this CVE specifically covers the Assmann model.

Exploitation

An attacker with network access to the camera's web interface can exploit this by directly visiting the backup retrieval URL (e.g., /backup). No authentication or user interaction is required. The camera generates and serves the compressed backup file, which the attacker downloads. The file can be decompressed, and the plaintext administrator credentials can be read, allowing the attacker to log in as admin. A proof-of-concept script is scheduled for release per reference [1].

Impact

Successful exploitation yields the administrator credentials, granting full administrative control over the camera. This can lead to network compromise, as the attacker may use the camera as a pivot point for further attacks. The impact includes sensitive data exposure and potential unauthorized access to the local network.

Mitigation

As of the publication date (2023-08-04), no official patch has been released for this vulnerability. Reference [1] recommends ensuring that affected cameras cannot communicate with the internet and considering an upgrade to a newer device. The camera may be end-of-life. No workaround or fix is provided in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The camera's firmware stores administrator and user credentials in plaintext inside a backup file that can be retrieved without authentication."

Attack vector

An unauthenticated attacker visits a specific URL on the camera's web interface that triggers the device to write a compressed binary backup of its current settings [1]. The backup file is then downloadable without any authentication. Because the credentials are stored in plaintext within the backup, the attacker can decompress the file and read the administrator password, gaining full administrative access to the camera and potentially the broader network [1].

Affected code

The bundle does not specify exact file paths or function names. The vulnerability exists in the web interface of the Assmann Digitus Plug&View IP Camera HT-IP211HDP (firmware version 2.000.022), which exposes a backup retrieval command URL that produces a compressed binary of the device settings [1].

What the fix does

No patch is provided in the bundle. The advisory recommends that affected camera owners ensure the devices cannot communicate with the internet and consider upgrading to a newer device [1]. A proper fix would require the vendor to (a) require authentication before serving the backup file, (b) encrypt or hash credentials stored in the backup, and (c) restrict access to the backup retrieval endpoint.

Preconditions

  • network: The attacker must have network access to the camera's web interface (typically on port 80 or 443).
  • input: No authentication is required; the attacker simply visits the backup retrieval URL on the camera.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1
