CVE-2021-4469

HIGH

Denver SHO-110 - Unauthenticated Snapshot Access via Secondary HTTP Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-4469. PoCs published by Ivan Nikolsky.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated snapshot retrieval vulnerability in Denver SHO-110 IP Camera via an exposed endpoint on port 8001. The backdoor allows attackers to bypass authentication and capture snapshots, potentially reconstructing the camera stream.

Description

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

Exploits (1)

exploitdb WORKING POC

by Ivan Nikolsky · textwebappshardware

https://www.exploit-db.com/exploits/50162

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated snapshot retrieval vulnerability in Denver SHO-110 IP Camera via an exposed endpoint on port 8001. The backdoor allows attackers to bypass authentication and capture snapshots, potentially reconstructing the camera stream.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Denver SHO-110 IP Camera (all firmware versions)

No auth needed

Prerequisites: Network access to the camera's port 8001

MITRE ATT&CK

T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/50162

Various Sources product

http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access

Scores

CVSS v4 8.7

EPSS 0.0057

EPSS Percentile 42.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-1242 CWE-306

Status published

Products (1)

Denver/SHO-110

Published Nov 14, 2025

Tracked Since Feb 18, 2026