Smartwares Cameras Telnet Credential Vulnerability

Vulnerability

A vulnerability exists in Smartwares cameras CIP-37210AT and C724IP, as well as other models with the same firmware in versions prior to 3.3.0, allowing devices to share identical credentials for the telnet service. The password hash can be extracted through physical access to the SPI-connected memory. For the telnet service to be activated, the inserted SD card must contain a folder with a specific name. While two products were tested, the vendor has not responded to reports, leaving the patching status unknown and creating uncertainty about other affected devices and firmware ranges. Newer firmware versions may also be vulnerable.

Impact

Exploitation of this vulnerability allows for unauthorized access to the telnet service, potentially leading to further exploitation of the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Smartwares Cameras Telnet Credential Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating