CVE-2021-30166 — HIGH (7.2)

Q: How severe is CVE-2021-30166?

CVE-2021-30166 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-30166?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.

Vulnerability Description

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Meritlilin	P2R8852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E2	-
Meritlilin	P2R8852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E4	-
Meritlilin	P2R6852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E2	-
Meritlilin	P2R6852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E4	-
Meritlilin	P2R6552E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E2	-
Meritlilin	P2R6552E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E4	-
Meritlilin	P2R6352Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae2	-
Meritlilin	P2R6352Ae4 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae4	-
Meritlilin	P2R3052Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R3052Ae2	-
Meritlilin	P2G1052 Firmware	< 7.1.94.8908
Meritlilin	P2G1052	-

Related Weaknesses (CWE)

CWE-78

References

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmlThird Party Advisory
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmlThird Party Advisory

FAQ

What is CVE-2021-30166?

CVE-2021-30166 is a vulnerability with a CVSS score of 7.2 (HIGH). The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logg...

How severe is CVE-2021-30166?

CVE-2021-30166 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30166?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.