CVE-2021-32941
Published 2022-05-23
Priority: P267, critical
CVSS 3.1: 9.8 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H)
EPSS: 13.30% (95.9th percentile)
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| annke | n48pbb | All – V3.4.106 build 200422 | — |
| annke | n48pbb_firmware | < 3.4.106 | 3.4.106 |
| annke | n48pbb_firmware | — | — |
Detection & IOCs
- Target device is Annke N48PBB (NVR) running firmware V3.4.106 build 200422 or prior; exploit is remotely triggered with no authentication required (PR:N/UI:N)
- Exploitation results in code execution as root; monitor for unexpected root-level processes or shell spawning from NVR/NVR-related service processes
- No known public exploits specifically target this vulnerability at time of advisory publication; detection should focus on anomalous behaviour rather than known exploit signatures
CVSS provenance
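| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |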
CISA ICS
Annke Network Video Recorder
cisa_ics·2021-08-26·CVSS 9.4
[CRITICAL] Annke Network Video Recorder
ICS Advisory
## Annke Network Video Recorder
Last Revised: August 26, 2021
Alert Code: ICSA-21-238-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Annke
- Equipment: N48PBB (NVR)
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability may cause a stack-based buffer overflow, which could allow an unauthenticated remote attacker to access sensitive information and execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
This vulnerability affects following versi
GHSA
GHSA-3wjh-7493-7f9f: Annke N48PBB (Network Video Recorder) products of version 3
ghsa_unreviewed·2022-05-24
CVE-2021-32941 [CRITICAL] CWE-121 GHSA-3wjh-7493-7f9f: Annke N48PBB (Network Video Recorder) products of version 3
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).
No detection rules found.
No public exploits indexed.
Published: 2022-05-23