LiveActive security incident?Get immediate response
CVE Record

CVE-2021-4468: PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information, including credentials, allowing an attacker to obtain administrative access to the camera and compromise the confidentiality of the monitored environment.

HighCVSS 8.7Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

A PLANEX smart camera lets anyone on the network grab its full configuration file without logging in. That backup includes the admin password, so an attacker can take over the camera and watch whatever it records. If the camera is reachable from the internet, a stranger can quietly walk in and own it.

Executive priority

Treat as a high-priority IoT exposure if PLANEX CS-QP50F-ING2 cameras are deployed. Surveillance footage and admin credentials can be stolen by an unauthenticated attacker, with reputational and privacy consequences. Direct network teams to isolate or remove these cameras until vendor guidance confirms a fix.

Technical view

The PLANEX CS-QP50F-ING2 exposes an HTTP endpoint that returns a compressed configuration backup with no authentication (CWE-306, Missing Authentication for Critical Function). The archive contains administrative credentials and device settings, enabling full administrative takeover. CVSS 4.0 scores 8.7 (AV:N/AC:L/PR:N/UI:N) reflecting unauthenticated network access with high confidentiality impact.

Likely exposure

Affects PLANEX CS-QP50F-ING2 smart cameras with the configuration backup interface reachable over the network. Risk is highest for devices exposed to the internet or untrusted segments. Affected version data in the source bundle is incomplete ("0" / unknown), so all deployments should be treated as potentially vulnerable until vendor confirms otherwise.

Exploitation context

Public proof-of-concept write-ups exist on Packet Storm and cxsecurity, and a third-party advisory is published by VulnCheck. The CVE is not listed in CISA KEV and the source bundle does not confirm in-the-wild exploitation, but the unauthenticated, network-reachable nature of the flaw makes opportunistic abuse straightforward.

Researcher notes

CWE-306 with no authentication on a config-backup endpoint; the archive yields admin credentials, enabling pivot to live video, account reuse checks, and lateral movement on the management VLAN. The CVE record lists affected version as "0" with defaultStatus "unknown", so version-based filtering is unreliable—test by behavior. No vendor patch is cited in the bundle; monitor PLANEX product page and VulnCheck advisory for updates.

Mitigation direction

  • Block inbound internet access to the camera's HTTP interface at the perimeter firewall.
  • Place the camera on an isolated VLAN with strict ACLs to management hosts only.
  • Check PLANEX vendor guidance for firmware updates or hardening advisories before continued use.
  • Rotate any credentials that may have been stored on the device or reused elsewhere.
  • If no fix is available, consider replacing the device with a supported, authenticated model.

Validation and detection

  • Inventory all PLANEX CS-QP50F-ING2 cameras and record firmware versions and network exposure.
  • From an authorized test host, confirm whether the configuration backup endpoint responds without authentication.
  • Review firewall and NAT rules for any inbound exposure of camera HTTP ports.
  • Search proxy and IDS logs for unusual GET requests to camera management URLs.
  • Confirm credential hygiene by ensuring camera passwords are unique and not reused on other systems.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-306: Credential and account abuse lookup

Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-4468 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.7 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
5Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.7CVSS 4.0HighCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NPrimary CVE score

Vulnerability scoring details

Base CVSS 4.0 score

8.7High
CVSS 4.0 vector shape for CVE-2021-4468Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
PLANEX COMMUNICATIONS Inc.CS-QP50F-ING20unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.