QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4468

Published: Nov 14, 2025

Modified: Nov 17, 2025

PUBLISHED

Description

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information, including credentials, allowing an attacker to obtain administrative access to the camera and compromise the confidentiality of the monitored environment.

Vendor	Product	Versions
PLANEX COMMUNICATIONS Inc.	CS-QP50F-ING2	affected `0`

Weaknesses (CWE)

References

https://packetstorm.news/files/id/160805/

exploit

https://cxsecurity.com/issue/WLB-2021010050

exploit

https://www.planex.co.jp/products/cs-qp50f/

product

https://www.vulncheck.com/advisories/planex-cs-qp50f-ing2-smart-camera-remote-configuration-disclosure

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.