cbcvebase.
CVE-2021-30168
published 2021-04-28

CVE-2021-30168: The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control…

PriorityP279critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
2.13%
79.7th percentile
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

Affected

42 ranges· showing 25
VendorProductVersion rangeFixed in
merit_lilin_ent.co_ltdp2_z2_p3_z3_ip_camera_firmwareunspecified – 7.1.94.8908
meritlilinp2g1022_firmware< 7.1.94.89087.1.94.8908
meritlilinp2g1022x_firmware< 7.1.94.89087.1.94.8908
meritlilinp2g1052_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r3022ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r3052ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6322ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6322ae4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6352ae2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6352ae4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6522e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6522e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6552e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6552e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6822e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6822e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6852e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r6852e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8822e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8822e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8852e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp2r8852e4_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r6322e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r6522e2_firmware< 7.1.94.89087.1.94.8908
meritlilinp3r8822e2_firmware< 7.1.94.89087.1.94.8908

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.