Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
Anpviz device firmware contains a hardcoded cryptographic key that cannot be changed by the user or administrator. This key is identical for all instances of vulnerable device models. An attacker who extracts the key from the firmware (e.g., by analyzing the firmware file) can use it to decrypt communications, impersonate the device, or conduct further attacks on network infrastructure. The attack vector is network-based, does not require user interaction, and only requires standard user privileges to execute.
An attacker can gain unauthorized access to the device's encrypted communications, and as a result, take full control of it — which includes compromising confidentiality, integrity, and availability of the system and potentially the entire network to which the camera is connected.
Apply patches available from the manufacturer according to the references. Until an update is applied, it is recommended to isolate vulnerable devices from the public internet, place them behind a firewall, and restrict network access only to trusted hosts.
Anpviz IP cameras: IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, YM200E10 with firmware version v3.2.2.2 and lower; it is possible that the vulnerability also affects devices from other manufacturers/models of IP cameras based on the same firmware.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H