{
  "root_cause": "Factory/default user loading inserts admin with an empty password into the Anyka N1 HTTP user database, making HTTP Basic admin: valid on protected NetSDK routes.",
  "primary_anchor": {
    "file_path": "source/anyka_ipc/cloud/n1/src/n1_init.c",
    "function": "n1_usr_load",
    "line_start": 331,
    "line_end": 386
  },
  "sink": {
    "component": "libNkN1API.a NetSDK HTTP Basic authentication",
    "symbols_or_strings": [
      "Authorization",
      "Basic realm=\"nkHTTP\"",
      "N1_Device_HandleNetSDKHTTP",
      "N1_Device_HandleNetSDK",
      "NK_N1Device_HasUser"
    ]
  },
  "candidates": [
    {
      "candidate": "GET /NetSDK/System/deviceInfo with admin:",
      "same_root_cause": true,
      "same_surface": true,
      "equivalence_reason": "Original protected NetSDK Basic-auth oracle. Success depends on stored empty admin password."
    },
    {
      "candidate": "GET /NetSDK/Network/interface/1 with admin:",
      "same_root_cause": true,
      "same_surface": true,
      "equivalence_reason": "Different NetSDK endpoint reaches the same Basic-auth user database and is blocked by the same non-empty-password fixed control."
    },
    {
      "candidate": "GET /snapshot.jpg without auth",
      "same_root_cause": false,
      "same_surface": false,
      "equivalence_reason": "Reachability does not depend on Basic admin: and persists after non-empty-password fixed control; therefore separate surface."
    },
    {
      "candidate": "GET /cgi-bin/gw2.cgi without auth",
      "same_root_cause": false,
      "same_surface": false,
      "equivalence_reason": "Legacy CGI info response does not use the empty admin credential and is not a bypass of the default-credential fix."
    }
  ],
  "conclusion": "No candidate was both same-root-cause and successful on the fixed-control target."
}
