MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Command Injection
CVE-2021-30166

7.2HIGH

Key Information:

Vendor

Merit Lilin Ent.co.,ltd.

Status
P2/z2/p3/z3 Ip Camera Firmware
Vendor
CVE Published:
28 April 2021

What is CVE-2021-30166?

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

P2/Z2/P3/Z3 IP camera firmware <= 7.1.94.8908

References

https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
x_refsource_MISC
https://www.meritlilin.com/assets/uploads/support/file/M0...
x_refsource_MISC
https://gist.github.com/keniver/86ebef688fb274b534da51ef1...
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.