CRITICAL🇵🇱 Wersja polska

CVE-2024-35344

CVSS 9.9v3.1pub. 2024-05-28upd. 2026-04-15

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.

🤖 AI Analysis
How it works

Anpviz device firmware contains a hardcoded cryptographic key that cannot be changed by the user or administrator. This key is identical for all instances of vulnerable device models. An attacker who extracts the key from the firmware (e.g., by analyzing the firmware file) can use it to decrypt communications, impersonate the device, or conduct further attacks on network infrastructure. The attack vector is network-based, does not require user interaction, and only requires standard user privileges to execute.

Impact

An attacker can gain unauthorized access to the device's encrypted communications, and as a result, take full control of it — which includes compromising confidentiality, integrity, and availability of the system and potentially the entire network to which the camera is connected.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until an update is applied, it is recommended to isolate vulnerable devices from the public internet, place them behind a firewall, and restrict network access only to trusted hosts.

Who is affected

Anpviz IP cameras: IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, YM200E10 with firmware version v3.2.2.2 and lower; it is possible that the vulnerability also affects devices from other manufacturers/models of IP cameras based on the same firmware.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References