CVE-2021-40378
Description
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated access to /cgi-bin/support/killps.cgi on Compro IP cameras allows remote attackers to delete all device data, causing a denial of service.
Vulnerability
The /cgi-bin/support/killps.cgi endpoint on Compro IP70 firmware 2.08_7130218, IP570 firmware 2.08_7130520, IP60, and TN540 devices can be triggered to delete all data from the device. No authentication is required to access this CGI script [1].
Exploitation
An attacker with network access to the device can send a request to the vulnerable CGI endpoint. No prior authentication or user interaction is needed. The exact request method (GET/POST) is not specified, but the script executes immediately upon access [1].
Impact
Successful exploitation results in the deletion of all data stored on the device, effectively rendering it inoperable. This constitutes a denial of service (DoS) and potential permanent data loss. The device may require reconfiguration or factory reset to restore functionality.
Mitigation
As of the publication date (2021-09-01), no official patch or firmware update has been disclosed by Compro. Users should restrict network access to the device, place it behind a firewall, and disable the CGI endpoint if possible. The device may be end-of-life; contact the vendor for guidance.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Compro/IP70 devicedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.