CVE-2021-30166
published 2021-04-28CVE-2021-30166: The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack…
PriorityP352high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
3.79%
88.6th percentile
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| merit_lilin_ent.co_ltd | p2_z2_p3_z3_ip_camera_firmware | unspecified – 7.1.94.8908 | — |
| meritlilin | p2g1022_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2g1022x_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2g1052_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r3022ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r3052ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6322ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6322ae4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6352ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6352ae4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6522e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6522e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6552e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6552e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6822e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6852e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6852e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8822e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8852e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8852e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r6322e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r6522e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r8822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3ehttps://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfhttps://www.twcert.org.tw/tw/cp-132-4676-391a5-1.htmlhttps://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3ehttps://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfhttps://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
2021-04-28
Published