Denver IP Camera SHO-110 Snapshot Disclosure

CVE Category Price Severity
CVE-2021-38703 CWE-200 $300 Medium
Author Risk Exploitation Type Date
Unknown High Remote 2021-07-30
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Denver IP Camera SHO-110 Snapshot Disclosure
# Exploit Title: Denver IP Camera SHO-110 - Unauthenticated Snapshot
# Date: 28 July 2021
# Exploit Author: Ivan Nikolsky (enty8080)
# Vendor Homepage:
# Version: Denver SHO-110 (all firmware versions)
# Tested on: Denver SHO-110

Backdoor was found in a Denver SHO-110 IP Camera. Maybe other models also have this backdoor too.

So, the backdoor located in the camera's second http service, allows the attacker to get a snapshot through `/snapshot` endpoint. There are two http services in camera: first - served on port 80, and it requires authentication, and the second - served on port 8001, and it does not require authentication.

It's possible to write a script that will collect snapshots and add them to each other, so the attacker will be able to disclosure the camera stream.



Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum