CVE-2021-32941

Name of the Vulnerable Software and Affected Versions Annke N48PBB (Network Video Recorder) versions 3.4.106 build 200422 and prior

Description The issue is a stack-based buffer overflow that allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). This vulnerability affects Annke N48PBB Network Video Recorder products, which are used for storing and viewing video streams, as well as managing cameras. The vulnerability can be exploited to gain access to recorded videos, delete footage, modify configurations (such as motion detection signals), and disable certain cameras or the network video recorder to stop recording. It is estimated that more than 5 million clients worldwide are affected.

Recommendations For Annke N48PBB (Network Video Recorder) versions 3.4.106 build 200422 and prior, update the firmware to the latest version to patch the vulnerability. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.