Lucene search

[email protected]CVE-2021-30167

HistoryApr 28, 2021 - 10:15 a.m.

CVE-2021-30167

2021-04-2810:15:08

CWE-522

CWE-306

[email protected]

web.nvd.nist.gov

nvd

cve-2021-30167

network camera

privilege escalation

url parameters

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.7%

JSON

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Affected configurations

NVD

Node

meritlilinp2r8852e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r8852e2Match-

Node

meritlilinp2r8852e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r8852e4Match-

Node

meritlilinp2r6852e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6852e2Match-

Node

meritlilinp2r6852e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6852e4Match-

Node

meritlilinp2r6552e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6552e2Match-

Node

meritlilinp2r6552e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6552e4Match-

Node

meritlilinp2r6352ae2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6352ae2Match-

Node

meritlilinp2r6352ae4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6352ae4Match-

Node

meritlilinp2r3052ae2_firmwareRange<7.1.94.8908

AND

meritlilinp2r3052ae2Match-

Node

meritlilinp2g1052_firmwareRange<7.1.94.8908

AND

meritlilinp2g1052Match-

Node

meritlilinp2r8822e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r8822e2Match-

Node

meritlilinp2r8822e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r8822e4Match-

Node

meritlilinp2r6822e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6822e2Match-

Node

meritlilinp2r6822e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6822e4Match-

Node

meritlilinp2r6522e2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6522e2Match-

Node

meritlilinp2r6522e4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6522e4Match-

Node

meritlilinp2r6322ae2_firmwareRange<7.1.94.8908

AND

meritlilinp2r6322ae2Match-

Node

meritlilinp2r6322ae4_firmwareRange<7.1.94.8908

AND

meritlilinp2r6322ae4Match-

Node

meritlilinp2r3022ae2_firmwareRange<7.1.94.8908

AND

meritlilinp2r3022ae2Match-

Node

meritlilinp2g1022_firmwareRange<7.1.94.8908

AND

meritlilinp2g1022Match-

Node

meritlilinp2g1022x_firmwareRange<7.1.94.8908

AND

meritlilinp2g1022xMatch-

Node

meritlilinz2r8852ax_firmwareRange<7.1.94.8908

AND

meritlilinz2r8852axMatch-

Node

meritlilinz2r8152x-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r8152x-pMatch-

Node

meritlilinz2r8152x2-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r8152x2-pMatch-

Node

meritlilinz2r8052ex25_firmwareRange<7.1.94.8908

AND

meritlilinz2r8052ex25Match-

Node

meritlilinz2r6552x_firmwareRange<7.1.94.8908

AND

meritlilinz2r6552xMatch-

Node

meritlilinz2r6452ax_firmwareRange<7.1.94.8908

AND

meritlilinz2r6452axMatch-

Node

meritlilinz2r6452ax-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r6452ax-pMatch-

Node

meritlilinz2r8822ax_firmwareRange<7.1.94.8908

AND

meritlilinz2r8822axMatch-

Node

meritlilinz2r8122x-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r8122x-pMatch-

Node

meritlilinz2r8122x2-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r8122x2-pMatch-

Node

meritlilinz2r8022ex25_firmwareRange<7.1.94.8908

AND

meritlilinz2r8022ex25Match-

Node

meritlilinz2r6522x_firmwareRange<7.1.94.8908

AND

meritlilinz2r6522xMatch-

Node

meritlilinz2r6422ax_firmwareRange<7.1.94.8908

AND

meritlilinz2r6422axMatch-

Node

meritlilinz2r6422ax-p_firmwareRange<7.1.94.8908

AND

meritlilinz2r6422ax-pMatch-

Node

meritlilinp3r6322e2_firmwareRange<7.1.94.8908

AND

meritlilinp3r6322e2Match-

Node

meritlilinp3r6522e2_firmwareRange<7.1.94.8908

AND

meritlilinp3r6522e2Match-

Node

meritlilinp3r8822e2_firmwareRange<7.1.94.8908

AND

meritlilinp3r8822e2Match-

Node

meritlilinz3r6422x3_firmwareRange<7.1.94.8908

AND

meritlilinz3r6422x3Match-

Node

meritlilinz3r6522x_firmwareRange<7.1.94.8908

AND

meritlilinz3r6522xMatch-

Node

meritlilinz3r8922x3_firmwareRange<7.1.94.8908

AND

meritlilinz3r8922x3Match-

CPENameOperatorVersion
meritlilin:p2r8852e2_firmwaremeritlilin p2r8852e2 firmwarelt7.1.94.8908

CPE	Name	Operator	Version
meritlilin:p2r8852e2_firmware	meritlilin p2r8852e2 firmware	lt	7.1.94.8908

CNA Affected

[
  {
    "product": "P2/Z2/P3/Z3 IP camera firmware",
    "vendor": "MERIT LILIN ENT.CO.,LTD.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.94.8908",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for CVE-2021-30167

prion1 nvd1 cvelist1