CVE-2021-4469
Denver SHO-110 IP Camera Unauthenticated Snapshot Access
In short
Denver SHO-110 IP cameras have a hidden backdoor service on port 8001 that lets anyone download camera snapshots without a password. An attacker can repeatedly grab images to see what the camera is monitoring, even though the main interface requires login.
Technical detail
The device exposes an unauthenticated HTTP endpoint ('/snapshot') on TCP port 8001 that bypasses the authentication enforced on the primary web interface (port 80), allowing remote attackers without credentials to retrieve camera frames. Repeated snapshot collection enables reconstruction of the video stream and full compromise of visual confidentiality in the monitored space.
Summary generated and translated by AI from the official description.
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Denver · SHO-110Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →