CVE-2021-4469

UNKNOWN 0.0

Denver SHO-110 IP Camera Unauthenticated Snapshot Access

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

CWE	CWE-306 CWE-1242
Vendor	denver
Product	sho-110
Published	Nov 14, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for denver sho-110

Be the first to know when new unknown vulnerabilities affecting denver sho-110 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Denver / SHO-110

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50162 old.denver.eu: http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826 vulncheck.com: https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access

Credits

Ivan Nikolsky (enty8080)