CVE-2021-30167
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MERIT LILIN ENT.CO.,LTD. | P2/Z2/P3/Z3 IP camera firmware | unspecified <= 7.1.94.8908 | affected |
Weaknesses
- CWE-522: CWE-522 Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
References
- https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.