CVE-2021-47796
Published: 16 January 2026
Summary
CVE-2021-47796 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Denver SHC-150 Smart (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, ranked at the 23.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates changing default authenticators prior to use and ensuring sufficient strength of mechanism, preventing exploitation of hardcoded Telnet credentials.
Prohibits or restricts unnecessary ports, protocols, and services like Telnet, eliminating exposure of the vulnerable Linux shell access.
Monitors and controls communications at external boundaries to block unauthorized network access to the Telnet port 23.
NVD Description
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
Deeper analysisAI
CVE-2021-47796 is a hardcoded Telnet credential vulnerability (CWE-798) affecting the Denver SHC-150 Smart WiFi Camera. The flaw enables unauthenticated attackers to gain access to the device's underlying Linux shell by connecting to TCP port 23 using default credentials. This critical issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers with network access to the camera can exploit this vulnerability by simply connecting to port 23 via Telnet and supplying the hardcoded credentials. Successful exploitation grants a full Linux shell, allowing attackers to execute arbitrary commands on the camera's operating system and achieve remote code execution (RCE), potentially leading to complete device compromise.
Advisories, including one from VulnCheck, describe the vulnerability as enabling Telnet-based RCE on the Denver SHC-150. A proof-of-concept exploit is publicly available on Exploit-DB (exploit #50160). The Denver product page provides details on the affected SHC-150 indoor IP camera model, but no patches or specific mitigations are detailed in the referenced sources.
A publicly available exploit underscores the risk of real-world exploitation for this Internet-exposed IoT device.
Details
- CWE(s)