CVE-2021-4468
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-14

Last updated on: 2025-11-14

Assigner: VulnCheck

Description
PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information, including credentials, allowing an attacker to obtain administrative access to the camera and compromise the confidentiality of the monitored environment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-14
Last Modified
2025-11-14
Generated
2026-06-16
AI Q&A
2025-11-15
EPSS Evaluated
2026-06-15
NVD
CVE-2021-4468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
planex cs-qp50f-ing2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The PLANEX CS-QP50F-ING2 smart cameras have a configuration backup interface accessible over HTTP that does not require any authentication. This means a remote attacker can retrieve the device's compressed configuration backup file without needing to log in. The backup file contains sensitive information such as credentials, which can allow the attacker to gain administrative access to the camera and compromise the confidentiality of the environment being monitored.

Impact Analysis

This vulnerability can allow a remote, unauthenticated attacker to obtain administrative access to the affected smart camera by retrieving sensitive configuration data including credentials. As a result, the attacker can compromise the confidentiality of the monitored environment, potentially leading to unauthorized surveillance, data breaches, or further attacks on connected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-4468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart