Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Advisories

severity: high
date: November 14, 2025
Affecting: SHO-110 firmware
An affected version range remains undefined
This product appears to no longer be supported
Other IP camera models may be affected
CVE: CVE-2021-4469
CWE: CWE-306 Missing Authentication for Critical Function
CWE-1242 Inclusion of Undocumented Features or Chicken Bits
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-50162
Denver Deprecated Product Site
Credit: Ivan Nikolsky (enty8080)
Description: Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.