cbcvebase.
CVE-2021-30166
published 2021-04-28

CVE-2021-30166: The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack…

PriorityP352high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
3.79%
88.6th percentile
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

Affected

42 ranges· showing 25
VendorProductVersion rangeFixed in
merit_lilin_ent.co_ltdp2_z2_p3_z3_ip_camera_firmwareunspecified – 7.1.94.8908
meritlilinp2g1022_firmware< 7.1.94.89087.1.94.8908
meritlilinp2g1022x_firmware< 7.1.94.89087.1.94.8908
meritlilinp2g1052_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r3022ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r3052ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6322ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6322ae4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6352ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6352ae4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6522e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6522e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6552e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6552e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6822e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6822e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6852e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6852e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8822e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8822e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8852e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8852e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r6322e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r6522e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r8822e2_firmware< 7.1.94.89087.1.94.8908

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.