CVE-2021-4469

Vulnerability Description

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

Related Weaknesses (CWE)

References

• http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p
• https://www.exploit-db.com/exploits/50162
• https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-sn

FAQ

What is CVE-2021-4469?

CVE-2021-4469 is a documented vulnerability. Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces au...

How severe is CVE-2021-4469?

CVSS scoring is not yet available for CVE-2021-4469. Check NVD for updates.

Is there a patch for CVE-2021-4469?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.