Based on the screenshot of the web page, here are the key pieces of information regarding the vulnerability: Advisory Title: Denver SHO-110 IP Camera Unauthenticated Snapshot Access Severity: High Date: November 14, 2025 Affected: - SHO-110 firmware - An affected version range remains undefined - This product appears to no longer be supported - Other IP camera models may be affected CVE: CVE-2021-4469 CWE: - CWE-306 Missing Authentication for Critical Function - CWE-1242 Inclusion of Undocumented Features or Chicken Bits CVSS: 8.7 CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N References: - ExploitDB-50162 - Denver Deprecated Product Site Credit: Ivan Nikolsky (enty8080) Description: Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.