{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "localhost TCP HTTP listener running real Anyka N1/anyka_ipc NetSDK HTTP service code from libNkN1API.a; tests compare factory-default admin:empty against non-empty-password remediated configuration",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "confirmed_bypass": false,
  "runtime_stack": [
    "qemu-arm",
    "ARM libNkN1API.a",
    "Anyka N1/anyka_ipc WEBS/NetSDK HTTP service"
  ],
  "candidate_results": [
    {
      "auth": "admin:",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/vulnerable_c1_netsdk_deviceinfo_admin_empty__NetSDK_System_deviceInfo_admin_.body",
      "body_excerpt": "{\"deviceName\":\"LR94125394\",\"deviceAddress\":1,\"description\":\"LR94125394\",\"model\":\"LR94125394\",\"serialNumber\":\"LR94125394\",\"sdkVersion\":\"1.5.7.38\",\"firmwareVersion\":\"1.5.7.38\",\"firmw",
      "candidate": "c1_netsdk_deviceinfo_admin_empty",
      "http_code": "200",
      "request_path": "/NetSDK/System/deviceInfo",
      "same_default_credential_root_cause": true,
      "target_role": "vulnerable",
      "verdict": "baseline_reproduced"
    },
    {
      "auth": "admin:",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/vulnerable_c2_netsdk_network_admin_empty__NetSDK_Network_interface_1_admin_.body",
      "body_excerpt": "{\"id\":1,\"idProperty\":{\"type\":\"integer\",\"mode\":\"ro\"},\"lan\":{\"ipVersion\":\"v4\",\"ipVersionProperty\":{\"type\":\"string\",\"mode\":\"rw\",\"opt\":[\"v4\",\"v6\"]},\"addressingType\":\"static\",\"addressin",
      "candidate": "c2_netsdk_network_admin_empty",
      "http_code": "200",
      "request_path": "/NetSDK/Network/interface/1",
      "same_default_credential_root_cause": true,
      "target_role": "vulnerable",
      "verdict": "alternate_protected_endpoint_reaches_same_auth_sink_on_vulnerable_target"
    },
    {
      "auth": "<none>",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/vulnerable_c3_snapshot_noauth_exclusion__snapshot.jpg_none.body",
      "body_excerpt": "\ufffd\ufffd\ufffd\ufffd\u0000\u0010JFIF\u0000\u0001\u0001\u0000\u0000\u0001\u0000\u0001\u0000\u0000\ufffd\ufffd",
      "candidate": "c3_snapshot_noauth_exclusion",
      "http_code": "200",
      "request_path": "/snapshot.jpg",
      "same_default_credential_root_cause": false,
      "target_role": "vulnerable",
      "verdict": "excluded_separate_public_snapshot_surface_not_default_credential_root_cause"
    },
    {
      "auth": "<none>",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/vulnerable_c4_legacy_gw2_noauth_exclusion__cgi-bin_gw2.cgi_none.body",
      "body_excerpt": "<juan ver=\"1.0\" seq=\"0\"><conf type=\"read\" user=\"\" password=\"\"><info device_name=\"IPC\" device_model=\"IPC\" device_sn=\"LR94125394\" software_version=\"1.5.7\" build_date=\"2015/12/24\" ></",
      "candidate": "c4_legacy_gw2_noauth_exclusion",
      "http_code": "200",
      "request_path": "/cgi-bin/gw2.cgi",
      "same_default_credential_root_cause": false,
      "target_role": "vulnerable",
      "verdict": "excluded_legacy_cgi_public_info_surface_not_default_credential_root_cause"
    },
    {
      "auth": "admin:",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/fixed_control_c1_netsdk_deviceinfo_admin_empty__NetSDK_System_deviceInfo_admin_.body",
      "body_excerpt": "{\"requestMethod\":\"GET\",\"requestURL\":\"/NetSDK/System/deviceInfo\",\"requestQuery\":\"\",\"statusCode\":201,\"statusMessage\":\"Unauthorized\"}",
      "candidate": "c1_netsdk_deviceinfo_admin_empty",
      "http_code": "401",
      "request_path": "/NetSDK/System/deviceInfo",
      "same_default_credential_root_cause": true,
      "target_role": "fixed_control",
      "verdict": "fixed_control_blocks_default_credential"
    },
    {
      "auth": "admin:",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/fixed_control_c2_netsdk_network_admin_empty__NetSDK_Network_interface_1_admin_.body",
      "body_excerpt": "{\"requestMethod\":\"GET\",\"requestURL\":\"/NetSDK/Network/interface/1\",\"requestQuery\":\"\",\"statusCode\":201,\"statusMessage\":\"Unauthorized\"}",
      "candidate": "c2_netsdk_network_admin_empty",
      "http_code": "401",
      "request_path": "/NetSDK/Network/interface/1",
      "same_default_credential_root_cause": true,
      "target_role": "fixed_control",
      "verdict": "not_bypass_fixed_control_blocks_default_credential_on_alternate_netsdk_path"
    },
    {
      "auth": "<none>",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/fixed_control_c3_snapshot_noauth_exclusion__snapshot.jpg_none.body",
      "body_excerpt": "\ufffd\ufffd\ufffd\ufffd\u0000\u0010JFIF\u0000\u0001\u0001\u0000\u0000\u0001\u0000\u0001\u0000\u0000\ufffd\ufffd",
      "candidate": "c3_snapshot_noauth_exclusion",
      "http_code": "200",
      "request_path": "/snapshot.jpg",
      "same_default_credential_root_cause": false,
      "target_role": "fixed_control",
      "verdict": "excluded_separate_public_snapshot_surface_not_default_credential_root_cause"
    },
    {
      "auth": "<none>",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/fixed_control_c4_legacy_gw2_noauth_exclusion__cgi-bin_gw2.cgi_none.body",
      "body_excerpt": "<juan ver=\"1.0\" seq=\"0\"><conf type=\"read\" user=\"\" password=\"\"><info device_name=\"IPC\" device_model=\"IPC\" device_sn=\"LR86832991\" software_version=\"1.5.7\" build_date=\"2015/12/24\" ></",
      "candidate": "c4_legacy_gw2_noauth_exclusion",
      "http_code": "200",
      "request_path": "/cgi-bin/gw2.cgi",
      "same_default_credential_root_cause": false,
      "target_role": "fixed_control",
      "verdict": "excluded_legacy_cgi_public_info_surface_not_default_credential_root_cause"
    },
    {
      "auth": "admin:<configured-non-empty>",
      "body_artifact": "/data/pruva/runs/43236abd-54ae-4d2e-a94e-868a8998cf47/bundle/logs/vuln_variant/fixed_control_control_configured_password__NetSDK_System_deviceInfo_admin_fixed-secret.body",
      "body_excerpt": "{\"deviceName\":\"LR86832991\",\"deviceAddress\":1,\"description\":\"LR86832991\",\"model\":\"LR86832991\",\"serialNumber\":\"LR86832991\",\"sdkVersion\":\"1.5.7.38\",\"firmwareVersion\":\"1.5.7.38\",\"firmw",
      "candidate": "control_configured_password",
      "http_code": "200",
      "request_path": "/NetSDK/System/deviceInfo",
      "same_default_credential_root_cause": true,
      "target_role": "fixed_control",
      "verdict": "service_healthy_configured_password_accepted"
    }
  ],
  "proof_artifacts": [
    "logs/vuln_variant/reproduction_steps.log",
    "vuln_variant/candidate_results.jsonl",
    "vuln_variant/source_identity.json"
  ],
  "notes": "No distinct default-credential bypass was confirmed on the non-empty-password fixed control; excluded public snapshot/cgi observations are documented as separate surfaces, not the same root cause."
}
