CVE-2021-30169 — MEDIUM (5.3)

Q: What is CVE-2021-30169?

CVE-2021-30169 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Q: How severe is CVE-2021-30169?

CVE-2021-30169 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-30169?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.

Vulnerability Description

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Meritlilin	P2R8852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E2	-
Meritlilin	P2R8852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R8852E4	-
Meritlilin	P2R6852E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E2	-
Meritlilin	P2R6852E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6852E4	-
Meritlilin	P2R6552E2 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E2	-
Meritlilin	P2R6552E4 Firmware	< 7.1.94.8908
Meritlilin	P2R6552E4	-
Meritlilin	P2R6352Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae2	-
Meritlilin	P2R6352Ae4 Firmware	< 7.1.94.8908
Meritlilin	P2R6352Ae4	-
Meritlilin	P2R3052Ae2 Firmware	< 7.1.94.8908
Meritlilin	P2R3052Ae2	-
Meritlilin	P2G1052 Firmware	< 7.1.94.8908
Meritlilin	P2G1052	-

Related Weaknesses (CWE)

CWE-522 CWE-200

References

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.htmlThird Party Advisory
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3eThird Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfVendor Advisory
https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.htmlThird Party Advisory

FAQ

What is CVE-2021-30169?

CVE-2021-30169 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

How severe is CVE-2021-30169?

CVE-2021-30169 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30169?

Check the references section above for vendor advisories and patch information. Affected products include: Meritlilin P2R8852E2 Firmware, Meritlilin P2R8852E2, Meritlilin P2R8852E4 Firmware, Meritlilin P2R8852E4, Meritlilin P2R6852E2 Firmware.