CVE-2021-32941
Published on: Not Yet Published
Last Modified on: 06/07/2022 02:51:00 PM UTC
Certain versions of N48pbb from Annke contain the following vulnerability:
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).
- CVE-2021-32941 has been assigned by
ics-[email protected] to track the vulnerability - currently rated as CRITICAL severity.
- Affected Vendor/Software:
Annke - N48PBB (NVR) version <= V3.4.106 build 200422
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Annke Network Video Recorder | CISA | www.cisa.gov text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware
| Annke | N48pbb | - | All | All | All |
Operating System | Annke | N48pbb Firmware | All | All | All | All |
Operating System | Annke | N48pbb Firmware | 3.4.106 | - | All | All |
Operating System | Annke | N48pbb Firmware | 3.4.106 | build_200422 | All | All |
- cpe:2.3:h:annke:n48pbb:-:*:*:*:*:*:*:*:
- cpe:2.3:o:annke:n48pbb_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:o:annke:n48pbb_firmware:3.4.106:-:*:*:*:*:*:*:
- cpe:2.3:o:annke:n48pbb_firmware:3.4.106:build_200422:*:*:*:*:*:*:
Discovery Credit
Andrea Palanca from Nozomi Networks reported this vulnerability to CISA.
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
Nozomi Networks found remote code execution vulnerability CVE-2021-32941 in the web service of the Annke N48PBB net… twitter.com/i/web/status/1… | 2021-08-27 11:30:02 |
![]() |
Novidades? Nenhuma: mais uma vulnerabilidade crítica (CVE-2021-32941) foi encontrada em um modelo de câmeras de seg… twitter.com/i/web/status/1… | 2021-08-27 19:30:18 |
![]() |
The vuln CVE-2021-32941 has a tweet created 0 days ago and retweeted 10 times. twitter.com/InfosecurityMa… #pow1rtrtwwcve | 2021-08-28 01:06:00 |
![]() |
Critical #IoT camera flaw (CVE-2021-32941) allows for device hijacking. #CyberSecurity, #infosec, #privacy… twitter.com/i/web/status/1… | 2021-08-29 04:12:04 |
![]() |
Nozomi Networks found remote code execution vulnerability CVE-2021-32941 in the web service of the Annke N48PBB net… twitter.com/i/web/status/1… | 2021-08-29 08:30:01 |
![]() |
Nozomi Networks found remote code execution vulnerability CVE-2021-32941 in the web service of the Annke N48PBB net… twitter.com/i/web/status/1… | 2021-08-29 08:46:20 |
![]() |
? Nozomi Networks Labs has discovered a critical Remote Code Execution (RCE) vulnerability (CVE-2021-32941) relate… twitter.com/i/web/status/1… | 2021-09-08 10:51:25 |
![]() |
#Nozomi Labs has discovered a critical #RCE vulnerability (CVE-2021-32941) related to the web service of the #Annke… twitter.com/i/web/status/1… | 2021-09-09 15:01:19 |
![]() |
CVE-2021-32941 : Annke N48PBB Network Video Recorder products of version 3.4.106 build 200422 and prior are vulne… twitter.com/i/web/status/1… | 2022-05-23 19:06:22 |
![]() |
New vulnerability on the NVD: CVE-2021-32941 ift.tt/qygeSis May 24, 2022 at 07:16AM | 2022-05-23 20:16:55 |
![]() |
CVE-2021-32941 | 2022-05-23 20:38:28 |