Home

Description

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

PUBLISHED Reserved 2025-11-14 | Published 2025-11-14 | Updated 2025-11-17 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

CWE-1242 Inclusion of Undocumented Features or Chicken Bits

Product status

Default status
unknown

Any version
affected

Timeline

2021-07-29:ExploitDB-50162 is publicly disclosed.

Credits

Ivan Nikolsky (enty8080) finder

References

www.exploit-db.com/exploits/50162 exploit

old.denver.eu/...ecurity/denver-sho-110/c-1024/c-1243/p-3826 product

www.vulncheck.com/...-camera-unauthenticated-snapshot-access third-party-advisory

cve.org (CVE-2021-4469)

nvd.nist.gov (CVE-2021-4469)

Download JSON