CVE-2021-40381
Description
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated video stream access via index_MJpeg.cgi on Compro IP cameras allows remote attackers to view live feeds.
Vulnerability
The vulnerability exists in the index_MJpeg.cgi endpoint on Compro IP70 (firmware 2.08_7130218), IP570 (2.08_7130520), IP60, and TN540 devices [1]. The CGI script provides direct access to the camera's video stream without any authentication or authorization checks, allowing any remote user to retrieve the live feed.
Exploitation
An attacker can exploit this by sending a simple HTTP GET request to the vulnerable endpoint, e.g., http:///index_MJpeg.cgi. No prior authentication, network position restrictions, or user interaction are required. The request returns the MJPEG video stream directly.
Impact
Successful exploitation results in unauthorized disclosure of live video footage from the affected camera. This compromises the confidentiality of the video feed, potentially exposing sensitive visual information to any remote attacker who can reach the device.
Mitigation
As of the publication date, no official fix or workaround has been disclosed in the available references [1]. Users should restrict network access to the camera's web interface using firewall rules or place the device behind a VPN until a patch is released.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Compro/IP70 devicedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.