Menu
What's new

Annke N48PBB NVR vulnerability

watchful_ip

watchful_ip

Pulling my weight
Joined
Nov 24, 2019
Messages
251
Reaction score
226
Location
london
If you have one of these on the Internet you might want to update. And reconsider having any IoT exposed to the internet in the first place :)

www.nozominetworks.com

New Annke Vulnerability Shows Risks of IoT Security Camera Systems

Nozomi Networks Labs has discovered a remote code execution vulnerability in the Annke N48PBB network video recorder. A patch is available.
www.nozominetworks.com www.nozominetworks.com
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,966
Reaction score
6,795
Location
Scotland
That seems like a fast response by Annke to the disclosure.
Presumably a device of their own manufacture, not an OEM product.
 
A

aamuk

n3wb
Joined
Jul 8, 2021
Messages
27
Reaction score
19
Location
UK
I thought the Annke N48PBB was one of their Hikvision oem NVRs.

Oh, there’s a picture of the mainboard in the Nozomi article:
1630314564193.jpeg
It says on it DS-80325_P.
 
Last edited:
watchful_ip

watchful_ip

Pulling my weight
Joined
Nov 24, 2019
Messages
251
Reaction score
226
Location
london
I looked at the firmware - it is Hikvision OEM.

But the vulnerable code looks to have been added by Annke themselves, as the Hikvision firmware doesn't seem to have it (though I didn't check everything so might have missed it, but I am sure it would have been noted).

The fast response may have been because the fixed firmware has a build date in April - before the vulnerability was reported.
 
You must log in or register to reply here.
Top