CVE-2023-30352
Description
Tenda CP3 IP camera uses a hard-coded default password for RTSP feed, enabling unauthorized access to live video.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Tenda CP3 IP camera uses a hard-coded default password for RTSP feed, enabling unauthorized access to live video.
Vulnerability
The Shenzen Tenda Technology IP Camera CP3 (firmware version V11.10.00.2211041355) contains a hard-coded default password for the RTSP feed [1]. This is a CWE-798: Use of Hard-coded Credentials issue. The credentials are weak and allow access to the camera's live video stream without authentication [1].
Exploitation
An attacker with network access to the camera's RTSP port (typically 554) can connect to the feed using the hard-coded default credentials [1]. No prior authentication or user interaction is required. The attacker simply needs to know the RTSP URL and the default username/password combination.
Impact
Successful exploitation allows an attacker to view the live video feed from the camera, leading to unauthorized information disclosure [1]. The attacker gains no further control over the device, but the privacy of the camera's surveillance area is compromised.
Mitigation
As of the publication date (2023-05-10), no official firmware update or patch has been released by the vendor to address this issue [1]. Users are advised to change the default RTSP credentials if possible, restrict network access to the camera via firewall rules, or isolate the camera on a separate VLAN. The camera is not listed on the CISA KEV as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Shenzen Tenda Technology/IP Camera CP3description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.