CVE-2021-4469

HIGH

Denver SHO-110 - Info Disclosure

Title source: llm

Description

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

Exploits (1)

exploitdb WORKING POC

by Ivan Nikolsky · textwebappshardware

https://www.exploit-db.com/exploits/50162

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50162

[Various Sources] http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826

[Third Party Advisory] https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access

Scores

CVSS v4 8.7

EPSS 0.0032

EPSS Percentile 55.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-1242 CWE-306

Status published

Products (1)

Denver/SHO-110

Published Nov 14, 2025

Tracked Since Feb 18, 2026