CVE-2021-30166

Summary

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

Affected Software

VendorProductVersion RangeStatus
MERIT LILIN ENT.CO.,LTD.P2/Z2/P3/Z3 IP camera firmwareunspecified <= 7.1.94.8908affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References