=== CVE-2026-58453 variant search: alternate Basic-auth paths and fix-bypass checks === ROOT=/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle VV=/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/vuln_variant PROJECT_CACHE=/data/pruva/project-cache/96283568-986d-4060-b56e-77907ddbb40a SmartCamera source commit: a5bece938ff0dc019ead3d62fa6adefbc8c497fe Disclosure repo commit: 2554725f808a34e23a938b09b0f6db86c2adc01d /data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/vuln_variant/build/n1_variant_launcher_arm: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, BuildID[sha1]=4a47b835c19a1012ec5229f6337b9ed091d1ce9c, for GNU/Linux 3.2.0, not stripped b75d1ad7fcdfb22c58d9049c816d39464afa1ae77e25f2bf73b808e22877198a /data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/vuln_variant/build/n1_variant_launcher_arm === Starting vulnerable target on 127.0.0.1:18120 (admin password length 0) === vulnerable health path=/NetSDK/System/deviceInfo auth= http_code=000 bytes=0 vulnerable health path=/NetSDK/System/deviceInfo auth= http_code=401 bytes=130 Service on port 18120 is accepting HTTP; health status=401 vulnerable c1_netsdk_deviceinfo_admin_empty path=/NetSDK/System/deviceInfo auth=admin: http_code=200 bytes=251 vulnerable c2_netsdk_network_admin_empty path=/NetSDK/Network/interface/1 auth=admin: http_code=200 bytes=510 vulnerable c3_snapshot_noauth_exclusion path=/snapshot.jpg auth= http_code=200 bytes=22 vulnerable c4_legacy_gw2_noauth_exclusion path=/cgi-bin/gw2.cgi auth= http_code=200 bytes=199 === Completed vulnerable target === === Starting fixed_control target on 127.0.0.1:18121 (admin password length 12) === fixed_control health path=/NetSDK/System/deviceInfo auth= http_code=000 bytes=0 fixed_control health path=/NetSDK/System/deviceInfo auth= http_code=401 bytes=130 Service on port 18121 is accepting HTTP; health status=401 fixed_control c1_netsdk_deviceinfo_admin_empty path=/NetSDK/System/deviceInfo auth=admin: http_code=401 bytes=130 fixed_control c2_netsdk_network_admin_empty path=/NetSDK/Network/interface/1 auth=admin: http_code=401 bytes=132 fixed_control c3_snapshot_noauth_exclusion path=/snapshot.jpg auth= http_code=200 bytes=22 fixed_control c4_legacy_gw2_noauth_exclusion path=/cgi-bin/gw2.cgi auth= http_code=200 bytes=199 fixed_control control_configured_password path=/NetSDK/System/deviceInfo auth=admin:fixed-secret http_code=200 bytes=251 === Completed fixed_control target === === NO CONFIRMED VARIANT/BYPASS: same-root admin:empty attempts work only on vulnerable configuration; fixed-control rejects them. Excluded public snapshot/gw2 paths are separate surfaces, not default-credential bypasses. ===