CVE-2021-30167
published 2021-04-28


Priority: P258 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.44% (82.3th percentile)
The manage users profile services of the network camera device allow authenticated remote attackers to modify URL parameters, amend a user's information, and escalate privileges to control the devices.

Affected

42 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| merit_lilin_ent.co_ltd | p2_z2_p3_z3_ip_camera_firmware | unspecified – 7.1.94.8908 | |
| meritlilin | p2g1022_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2g1022x_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2g1052_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r3022ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r3052ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6322ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6322ae4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6352ae2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6352ae4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6522e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6522e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6552e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6552e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6822e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6852e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r6852e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8822e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8852e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p2r8852e4_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r6322e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r6522e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |
| meritlilin | p3r8822e2_firmware | < 7.1.94.8908 | 7.1.94.8908 |

CVSS provenance

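| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |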