CVE-2021-30168 — CRITICAL (9.8)

Q: What is CVE-2021-30168?

CVE-2021-30168 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

Q: How severe is CVE-2021-30168?

CVE-2021-30168 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-30168?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.

Vulnerability Description

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Meritlilin	P2R8852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E2	-
Meritlilin	P2R8852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E4	-
Meritlilin	P2R6852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E2	-
Meritlilin	P2R6852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E4	-
Meritlilin	P2R6552E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E2	-
Meritlilin	P2R6552E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E4	-
Meritlilin	P2R6352Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae2	-
Meritlilin	P2R6352Ae4 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae4	-
Meritlilin	P2R3052Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R3052Ae2	-
Meritlilin	P2G1052 Firmware	< 7.1.94.8908
Meritlilin	P2G1052	-

Related Weaknesses (CWE)

CWE-522 CWE-200

References

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.htmlThird Party Advisory
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.htmlThird Party Advisory

FAQ

What is CVE-2021-30168?

CVE-2021-30168 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

How severe is CVE-2021-30168?

CVE-2021-30168 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-30168?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.