CVE-2021-4469
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-14

Last updated on: 2025-11-14

Assigner: VulnCheck

Description
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-14
Last Modified
2025-11-14
Generated
2026-06-16
AI Q&A
2025-11-15
EPSS Evaluated
2026-06-15
NVD
CVE-2021-4469
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
denver sho-110 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1242 The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Denver SHO-110 IP cameras have a secondary HTTP service running on TCP port 8001 that provides access to a '/snapshot' endpoint without requiring any authentication. Although the main web interface on port 80 requires authentication, this backdoor service allows any remote attacker to directly request image snapshots. By repeatedly accessing this endpoint, an attacker can collect images and reconstruct the camera's video stream, thereby compromising the confidentiality of the monitored area.

Impact Analysis

This vulnerability allows an attacker to remotely access image snapshots from the camera without any authentication, enabling them to monitor and reconstruct the camera's video stream. This compromises the confidentiality of the environment being monitored, potentially exposing sensitive or private information to unauthorized parties.

Detection Guidance

You can detect this vulnerability by scanning your network for devices with TCP port 8001 open and then attempting to access the '/snapshot' endpoint without authentication. For example, use a command like 'nmap -p 8001 --open <target-ip>' to find devices with port 8001 open. Then, use a tool like curl to request the snapshot endpoint: 'curl http://<target-ip>:8001/snapshot'. If you receive an image without authentication, the device is vulnerable.

Mitigation Strategies

Immediate mitigation steps include restricting access to TCP port 8001 on your network by using firewall rules to block or limit access to trusted IPs only. Additionally, disable or restrict the secondary HTTP service on port 8001 if possible. If firmware updates are available from the vendor addressing this issue, apply them promptly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-4469. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart