Certain Anpviz products allow unauthenticated users to download arbitrary files from the device’s filesystem via a HTTP GET request to the /playback/ URI. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 (IP Cameras) firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
[
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d250_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d250_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d260_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d260_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-b850_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-b850_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d850_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d850_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d350_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d350_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d3150_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d3150_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d4250_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d4250_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d380_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d380_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d880_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d880_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d280_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d280_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ipc-d3180_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ipc-d3180_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:mc800n_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "mc800n_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ym800n_n2_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ym800n_n2_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ymf50b_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ymf50b_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ym800sv2_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ym800sv2_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ym500l8_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ym500l8_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:anpviz:ym200e10_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "anpviz",
"product": "ym200e10_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.2.2"
}
],
"defaultStatus": "unknown"
}
]