Login Sign Up

CVE-2021-40382

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in Compro IP camera devices allows unauthorized access to video screenshots via the mjpegStreamer.cgi endpoint. Attackers can capture live video feeds without authentication, affecting Compro IP70, IP570, IP60, and TN540 camera models.

💻 Affected Systems

Products:
  • Compro IP70
  • Compro IP570
  • Compro IP60
  • Compro TN540
Versions: IP70 2.08_7130218, IP570 2.08_7130520, and unspecified versions of IP60 and TN540
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with mjpegStreamer.cgi accessible are vulnerable. No special configuration required.

📦 What is this software?

Ip570 Firmware by Comprotech

View all CVEs affecting Ip570 Firmware →

Ip60 Firmware by Comprotech

View all CVEs affecting Ip60 Firmware →

Ip70 Firmware by Comprotech

View all CVEs affecting Ip70 Firmware →

Tn540 Firmware by Comprotech

View all CVEs affecting Tn540 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete surveillance compromise where attackers continuously monitor camera feeds, potentially capturing sensitive activities, personal information, or security operations.

🟠

Likely Case

Unauthorized access to live camera feeds, enabling surveillance of monitored areas and potential privacy violations.

🟢

If Mitigated

Limited to attempted access attempts that are blocked by network controls, with no actual video feed exposure.

🌐 Internet-Facing: HIGH - Internet-exposed cameras are directly vulnerable to exploitation from anywhere.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could access camera feeds.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to mjpegStreamer.cgi endpoint can retrieve video screenshots. Public exploit details available in referenced resources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates and apply if available.

🔧 Temporary Workarounds

Network Access Control

all

Block external access to camera management interfaces and restrict internal access to authorized networks only.

Firewall Rules

all

Implement firewall rules to block access to mjpegStreamer.cgi endpoint from untrusted networks.

🧯 If You Can't Patch

  • Isolate cameras on separate VLAN with strict access controls
  • Implement network monitoring for unauthorized access attempts to camera endpoints

🔍 How to Verify

Check if Vulnerable:

Attempt HTTP GET request to http://[camera-ip]/mjpegStreamer.cgi. If it returns video data without authentication, device is vulnerable.

Check Version:

Check camera web interface or documentation for firmware version information.

Verify Fix Applied:

After applying controls, verify mjpegStreamer.cgi endpoint is no longer accessible or requires authentication.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to mjpegStreamer.cgi from unauthorized IP addresses
  • Unusual access patterns to camera management interfaces

Network Indicators:

  • HTTP GET requests to /mjpegStreamer.cgi from external IPs
  • Unusual traffic volume from camera devices

SIEM Query:

source="camera_logs" AND uri="/mjpegStreamer.cgi" AND NOT src_ip IN [authorized_ips]

📊 Metadata

CVE ID: CVE-2021-40382
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: September 1, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON