Vulnerability Details CVE-2021-30166
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
- https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
- https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Products affected by CVE-2021-30166
-
cpe:2.3:h:meritlilin:p2g1022:-
-
cpe:2.3:h:meritlilin:p2g1022x:-
-
cpe:2.3:h:meritlilin:p2g1052:-
-
cpe:2.3:h:meritlilin:p2r3022ae2:-
-
cpe:2.3:h:meritlilin:p2r3052ae2:-
-
cpe:2.3:h:meritlilin:p2r6322ae2:-
-
cpe:2.3:h:meritlilin:p2r6322ae4:-
-
cpe:2.3:h:meritlilin:p2r6352ae2:-
-
cpe:2.3:h:meritlilin:p2r6352ae4:-
-
cpe:2.3:h:meritlilin:p2r6522e2:-
-
cpe:2.3:h:meritlilin:p2r6522e4:-
-
cpe:2.3:h:meritlilin:p2r6552e2:-
-
cpe:2.3:h:meritlilin:p2r6552e4:-
-
cpe:2.3:h:meritlilin:p2r6822e2:-
-
cpe:2.3:h:meritlilin:p2r6822e4:-
-
cpe:2.3:h:meritlilin:p2r6852e2:-
-
cpe:2.3:h:meritlilin:p2r6852e4:-
-
cpe:2.3:h:meritlilin:p2r8822e2:-
-
cpe:2.3:h:meritlilin:p2r8822e4:-
-
cpe:2.3:h:meritlilin:p2r8852e2:-
-
cpe:2.3:h:meritlilin:p2r8852e4:-
-
cpe:2.3:h:meritlilin:p3r6322e2:-
-
cpe:2.3:h:meritlilin:p3r6522e2:-
-
cpe:2.3:h:meritlilin:p3r8822e2:-
-
cpe:2.3:h:meritlilin:z2r6422ax-p:-
-
cpe:2.3:h:meritlilin:z2r6422ax:-
-
cpe:2.3:h:meritlilin:z2r6452ax-p:-
-
cpe:2.3:h:meritlilin:z2r6452ax:-
-
cpe:2.3:h:meritlilin:z2r6522x:-
-
cpe:2.3:h:meritlilin:z2r6552x:-
-
cpe:2.3:h:meritlilin:z2r8022ex25:-
-
cpe:2.3:h:meritlilin:z2r8052ex25:-
-
cpe:2.3:h:meritlilin:z2r8122x-p:-
-
cpe:2.3:h:meritlilin:z2r8122x2-p:-
-
cpe:2.3:h:meritlilin:z2r8152x-p:-
-
cpe:2.3:h:meritlilin:z2r8152x2-p:-
-
cpe:2.3:h:meritlilin:z2r8822ax:-
-
cpe:2.3:h:meritlilin:z2r8852ax:-
-
cpe:2.3:h:meritlilin:z3r6422x3:-
-
cpe:2.3:h:meritlilin:z3r6522x:-
-
cpe:2.3:h:meritlilin:z3r8922x3:-
-
cpe:2.3:o:meritlilin:p2g1022_firmware:-
-
cpe:2.3:o:meritlilin:p2g1022x_firmware:-
-
cpe:2.3:o:meritlilin:p2g1052_firmware:-
-
cpe:2.3:o:meritlilin:p2r3022ae2_firmware:-
-
cpe:2.3:o:meritlilin:p2r3052ae2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6322ae2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6322ae4_firmware:-
-
cpe:2.3:o:meritlilin:p2r6352ae2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6352ae4_firmware:-
-
cpe:2.3:o:meritlilin:p2r6522e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6522e4_firmware:-
-
cpe:2.3:o:meritlilin:p2r6552e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6552e4_firmware:-
-
cpe:2.3:o:meritlilin:p2r6822e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6822e4_firmware:-
-
cpe:2.3:o:meritlilin:p2r6852e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r6852e4_firmware:-
-
cpe:2.3:o:meritlilin:p2r8822e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r8822e4_firmware:-
-
cpe:2.3:o:meritlilin:p2r8852e2_firmware:-
-
cpe:2.3:o:meritlilin:p2r8852e4_firmware:-
-
cpe:2.3:o:meritlilin:p3r6322e2_firmware:-
-
cpe:2.3:o:meritlilin:p3r6522e2_firmware:-
-
cpe:2.3:o:meritlilin:p3r8822e2_firmware:-
-
cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r6422ax_firmware:-
-
cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r6452ax_firmware:-
-
cpe:2.3:o:meritlilin:z2r6522x_firmware:-
-
cpe:2.3:o:meritlilin:z2r6552x_firmware:-
-
cpe:2.3:o:meritlilin:z2r8022ex25_firmware:-
-
cpe:2.3:o:meritlilin:z2r8052ex25_firmware:-
-
cpe:2.3:o:meritlilin:z2r8122x-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r8152x-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:-
-
cpe:2.3:o:meritlilin:z2r8822ax_firmware:-
-
cpe:2.3:o:meritlilin:z2r8852ax_firmware:-
-
cpe:2.3:o:meritlilin:z3r6422x3_firmware:-
-
cpe:2.3:o:meritlilin:z3r6522x_firmware:-
-
cpe:2.3:o:meritlilin:z3r8922x3_firmware:-