ICAM365 CCTV Camera Multiple Models

RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...

PT-2025-47628

Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description The product allows unauthenticated access to Real Time Streaming Protocol RTSP services, potentially granting an attacker unauthorized access to camera configuration information. Real Time...

PT-2025-47630

Name of the Vulnerable Software and Affected Versions Net devices affected versions not specified Description The affected products allow unauthenticated access to Open Network Video Interface Forum ONVIF services. This may allow an attacker unauthorized access to camera configuration information...

iCam365 P201和iCam365 QC021 访问控制错误漏洞

The iCam365 P201 and iCam365 QC021 are both a network surveillance camera from the Chinese company iCam365. An access control error vulnerability exists in the iCam365 P201 and iCam365 QC021, which stems from unauthenticated access to the ONVIF service and could lead to unauthorized access to...

iCam365 P201和iCam365 QC021 访问控制错误漏洞

The iCam365 P201 and iCam365 QC021 are both a network surveillance camera from the Chinese company iCam365. An access control error vulnerability exists in the iCam365 P201 and iCam365 QC021 that stems from the product allowing unauthenticated access to the RTSP service, which could lead to...

Vivotek Camera 安全漏洞

Vivotek Camera is a webcam from China VIVOTEK Communications Vivotek. A security vulnerability exists in Vivotek Camera that stems from the firmware using default credentials to log into the root and user accounts...

CVE-2021-4469

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

CVE-2021-4468

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

CVE-2021-4469 Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

CVE-2021-4469

CVE-2021-4469 : Denver SHO-110 IP cameras expose a secondary HTTP service on port 8001 with an unauthenticated /snapshot endpoint. While port 80 requires authentication, the backdoor service allows remote attackers to fetch snapshots directly, enabling repeated collection and potential reconstruc...

CVE-2021-4469 Denver SHO-110 IP Camera Unauthenticated Snapshot Access

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

EUVD-2021-34716

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

EUVD-2021-34718

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

CVE-2021-4468

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can retrieve a compressed configuration backup file, which contains credentials and enables administrative access, compromising confidentia...

CVE-2021-4468 PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

CVE-2025-55810

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...

Denver SHO-110 安全漏洞

The Denver SHO-110 is a wireless IP camera from Denver, Denmark. A security vulnerability exists in the Denver SHO-110 that originates from an unauthenticated HTTP service exposing a snapshot endpoint, which could lead to compromised confidentiality of the surveillance environment...

PLANEX CS-QP50F-ING2 安全漏洞

The Planex PLANEX CS-QP50F-ING2 is a smart camera from Planex Japan. A security vulnerability exists in the PLANEX CS-QP50F-ING2 that stems from the configuration of a backup interface without authentication, which could lead to the disclosure of sensitive information and compromise the...

CVE-2025-55810

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...

CVE-2025-55810

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...