top of page

Compro Technology IP Camera - Credential Disclosure (CVE-2021-40380)

Application Details

Compro Technology is a large developer and manufacturer of IT products, specialising in network video. Providing digital network-based surveillance solutions.


Multiple Compro products could allow a remote attacker to obtain sensitive information, caused by improper access control in cameralist.cgi.


By sending a specially crafted request, an attacker could exploit this vulnerability to obtain credentials.

GET /cgi-bin/cameralist/cameralist.cgi?id=*


By turning this into a traffic file and matching rule, we are able to detect unauthorised attempts in the disclosure of device administrator credentials (usernames and passwords), or RSTP credentials.


Idappcom has created signature 8021774 along with a traffic file.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page