{
  "verdict": "no_distinct_variant_or_bypass_confirmed",
  "confirmed": false,
  "is_bypass": false,
  "is_alternate_trigger_only": true,
  "created_at": "2026-07-05T00:00:00Z",
  "summary": "The alternate protected NetSDK route /NetSDK/Network/interface/1 accepts admin: only on the vulnerable empty-password configuration and is rejected with HTTP 401 by the non-empty-password fixed control. No same-root-cause bypass was confirmed.",
  "tested_variant_target": {
    "target_kind": "source_commit_plus_runtime_configuration",
    "commit_sha": "a5bece938ff0dc019ead3d62fa6adefbc8c497fe",
    "display": "Anyka N1 libNkN1API.a at SmartCamera commit a5bece938ff0dc019ead3d62fa6adefbc8c497fe; vulnerable config admin empty vs fixed-control config admin fixed-secret"
  },
  "fixed_or_latest_tested": {
    "available_official_fix": false,
    "test_kind": "behavioral_fixed_control",
    "control_description": "Same Anyka N1/anyka_ipc HTTP service code, but admin is provisioned with non-empty password fixed-secret instead of the factory empty password.",
    "commit_sha": "a5bece938ff0dc019ead3d62fa6adefbc8c497fe"
  },
  "candidate_results": [
    {
      "candidate": "c1_netsdk_deviceinfo_admin_empty",
      "entrypoint": "GET /NetSDK/System/deviceInfo",
      "same_root_cause": true,
      "vulnerable_http_code": 200,
      "fixed_control_http_code": 401,
      "result": "baseline_blocked_by_fixed_control"
    },
    {
      "candidate": "c2_netsdk_network_admin_empty",
      "entrypoint": "GET /NetSDK/Network/interface/1",
      "same_root_cause": true,
      "vulnerable_http_code": 200,
      "fixed_control_http_code": 401,
      "result": "alternate_protected_endpoint_not_bypass"
    },
    {
      "candidate": "c3_snapshot_noauth_exclusion",
      "entrypoint": "GET /snapshot.jpg",
      "same_root_cause": false,
      "vulnerable_http_code": 200,
      "fixed_control_http_code": 200,
      "result": "excluded_separate_public_snapshot_surface"
    },
    {
      "candidate": "c4_legacy_gw2_noauth_exclusion",
      "entrypoint": "GET /cgi-bin/gw2.cgi",
      "same_root_cause": false,
      "vulnerable_http_code": 200,
      "fixed_control_http_code": 200,
      "result": "excluded_separate_legacy_cgi_surface"
    }
  ],
  "script_runs": [
    {
      "command": "bash bundle/vuln_variant/reproduction_steps.sh",
      "expected_exit_code": 1,
      "observed_exit_code": 1,
      "meaning": "no variant/bypass reproduced on fixed-control target"
    },
    {
      "command": "bash bundle/vuln_variant/reproduction_steps.sh",
      "expected_exit_code": 1,
      "observed_exit_code": 1,
      "meaning": "idempotency confirmed"
    }
  ],
  "blocking_mitigation": "Preventing admin from having an empty password at provisioning/load time blocks admin: across tested NetSDK protected routes.",
  "evidence": {
    "reproduction_log": "bundle/logs/vuln_variant/reproduction_steps.log",
    "candidate_results": "bundle/vuln_variant/candidate_results.jsonl",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "source_identity": "bundle/vuln_variant/source_identity.json",
    "patch_analysis": "bundle/vuln_variant/patch_analysis.md"
  }
}
