CVE-2024-35344

May 28, 2024, 5:15 p.m.

None
No Score

Description

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.

Product(s) Impacted

Product Versions
Anpviz IPC-D250 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D260 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-B850 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D850 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D350 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D3150 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D4250 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D380 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D880 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D280 IP camera
  • 3.2.2.2 and lower
Anpviz IPC-D3180 IP camera
  • 3.2.2.2 and lower
Anpviz MC800N IP camera
  • 3.2.2.2 and lower
Anpviz YM500L IP camera
  • 3.2.2.2 and lower
Anpviz YM800N_N2 IP camera
  • 3.2.2.2 and lower
Anpviz YMF50B IP camera
  • 3.2.2.2 and lower
Anpviz YM800SV2 IP camera
  • 3.2.2.2 and lower
Anpviz YM500L8 IP camera
  • 3.2.2.2 and lower
Anpviz YM200E10 IP camera
  • 3.2.2.2 and lower

Weaknesses

References

https://willgu.es/pages/anpviz-ip-camera-vuln.html

Tags

cve@mitre.org
2024-05-28
CVE-2024-35344

Date

  • Published: May 28, 2024, 5:15 p.m.
  • Last Modified: May 28, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.