CVE-2021-4468

high

Description

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information, including credentials, allowing an attacker to obtain administrative access to the camera and compromise the confidentiality of the monitored environment.

References

https://www.vulncheck.com/advisories/planex-cs-qp50f-ing2-smart-camera-remote-configuration-disclosure

https://www.planex.co.jp/products/cs-qp50f/

https://packetstorm.news/files/id/160805/

https://cxsecurity.com/issue/WLB-2021010050

Details

Source: Mitre, NVD

Published: 2025-11-14

Updated: 2025-11-14

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00327