CVE-2021-4469
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Denver | SHO-110 | 0 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
- CWE-1242: CWE-1242 Inclusion of Undocumented Features or Chicken Bits
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/50162
- http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826
- https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.