CVE-2021-30167 — CRITICAL (9.8)

Q: How severe is CVE-2021-30167?

CVE-2021-30167 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-30167?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.

Vulnerability Description

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Meritlilin	P2R8852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E2	-
Meritlilin	P2R8852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E4	-
Meritlilin	P2R6852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E2	-
Meritlilin	P2R6852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E4	-
Meritlilin	P2R6552E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E2	-
Meritlilin	P2R6552E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E4	-
Meritlilin	P2R6352Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae2	-
Meritlilin	P2R6352Ae4 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae4	-
Meritlilin	P2R3052Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R3052Ae2	-
Meritlilin	P2G1052 Firmware	< 7.1.94.8908
Meritlilin	P2G1052	-

Related Weaknesses (CWE)

CWE-306 CWE-522

References

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmlNot Applicable
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmlNot Applicable

FAQ

What is CVE-2021-30167?

CVE-2021-30167 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to contr...

How severe is CVE-2021-30167?

CVE-2021-30167 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-30167?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.