CVE-2023-30353
Description
Shenzen Tenda IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via XML command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Shenzen Tenda IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via XML command injection.
Vulnerability
The Shenzen Tenda IP Camera CP3 firmware version V11.10.00.2211041355 contains a command injection vulnerability in a service that processes XML data. An attacker can send a crafted XML payload as the body of a POST request to trigger the injection. No authentication is required. [1]
Exploitation
An attacker with network access to the camera can send a specially crafted XML document containing arbitrary commands to an exposed service. The commands are executed as root. No user interaction or prior authentication is needed. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary commands with root privileges on the device, leading to full compromise, including data exfiltration, device control, or use in further attacks. [1]
Mitigation
As of the disclosure date, no official fix has been released. Users should isolate affected devices from untrusted networks or apply vendor updates if available. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Shenzen Tenda Technology/IP Camera CP3description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.