CVE-2021-4469 PUBLISHED

Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Assigner: VulnCheck
Reserved: 14.11.2025 Published: 14.11.2025 Updated: 17.11.2025

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Denver
Product	SHO-110
Versions	Default: unknown Version 0 is affected

Credits

Ivan Nikolsky (enty8080) finder

References

Problem Types

CWE-306 Missing Authentication for Critical Function CWE
CWE-1242 Inclusion of Undocumented Features or Chicken Bits CWE

Impacts

CAPEC-36 Using Unpublished Interfaces or Functionality