CVE-2021-47796

Denver · SHC-150 Smart Wifi Camera

The Denver SHC-150 Smart Wifi Camera uses hardcoded telnet credentials, enabling unauthenticated remote access to a Linux shell and arbitrary command execution.

Executive summary

A critical hardcoded credential vulnerability in the Denver SHC-150 Smart Wifi Camera allows unauthenticated attackers to gain full control of the device.

Vulnerability

The device contains hardcoded credentials for the telnet service (port 23). This allows any unauthenticated attacker on the network to access a Linux shell and execute arbitrary commands with administrative privileges.

Business impact

With a CVSS score of 9.8, this vulnerability represents a total compromise of the affected camera. An attacker gaining shell access can pivot into the internal network, intercept video feeds, or incorporate the device into a botnet, posing a significant security and privacy risk to the organization.

Remediation

Immediate Action: Update the device firmware to the latest version provided by Denver and disable the telnet service immediately.

Proactive Monitoring: Monitor network traffic for unauthorized connections to port 23 and inspect logs for suspicious command execution.

Compensating Controls: Isolate IoT devices on a dedicated, restricted VLAN and implement firewall rules to block external access to management ports like telnet.

Exploitation status

Public Exploit Available: None

Analyst recommendation

This vulnerability is highly severe because it provides trivial, unauthenticated access to the underlying operating system. Organizations must prioritize firmware updates and network isolation to prevent unauthorized access to these devices.