9
CVE-2021-30166
- EPSS 7.54%
- Veröffentlicht 28.04.2021 10:15:08
- Zuletzt bearbeitet 21.11.2024 06:03:26
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginThe NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Meritlilin ≫ P2r8852e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r8852e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6852e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6852e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6552e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6552e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6352ae2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6352ae4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r3052ae2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2g1052 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r8822e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r8822e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6822e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6822e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6522e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6522e4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6322ae2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r6322ae4 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2r3022ae2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2g1022 Firmware Version < 7.1.94.8908
Meritlilin ≫ P2g1022x Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8852ax Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8152x-p Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8152x2-p Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8052ex25 Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6552x Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6452ax Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6452ax-p Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8822ax Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8122x-p Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8122x2-p Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r8022ex25 Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6522x Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6422ax Firmware Version < 7.1.94.8908
Meritlilin ≫ Z2r6422ax-p Firmware Version < 7.1.94.8908
Meritlilin ≫ P3r6322e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P3r6522e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ P3r8822e2 Firmware Version < 7.1.94.8908
Meritlilin ≫ Z3r6422x3 Firmware Version < 7.1.94.8908
Meritlilin ≫ Z3r6522x Firmware Version < 7.1.94.8908
Meritlilin ≫ Z3r8922x3 Firmware Version < 7.1.94.8908
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.54% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| twcert@cert.org.tw | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.