CVE-2021-30167

Summary

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Affected Software

VendorProductVersion RangeStatus
MERIT LILIN ENT.CO.,LTD.P2/Z2/P3/Z3 IP camera firmwareunspecified <= 7.1.94.8908affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References