CVE-2021-30167

EPSS 3.56%
Veröffentlicht 28.04.2021 10:15:08
Zuletzt bearbeitet 21.11.2024 06:03:26
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Meritlilin ≫ P2r8852e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r8852e2 Version-

Meritlilin ≫ P2r8852e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r8852e4 Version-

Meritlilin ≫ P2r6852e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6852e2 Version-

Meritlilin ≫ P2r6852e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6852e4 Version-

Meritlilin ≫ P2r6552e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6552e2 Version-

Meritlilin ≫ P2r6552e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6552e4 Version-

Meritlilin ≫ P2r6352ae2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6352ae2 Version-

Meritlilin ≫ P2r6352ae4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6352ae4 Version-

Meritlilin ≫ P2r3052ae2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r3052ae2 Version-

Meritlilin ≫ P2g1052 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2g1052 Version-

Meritlilin ≫ P2r8822e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r8822e2 Version-

Meritlilin ≫ P2r8822e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r8822e4 Version-

Meritlilin ≫ P2r6822e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6822e2 Version-

Meritlilin ≫ P2r6822e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6822e4 Version-

Meritlilin ≫ P2r6522e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6522e2 Version-

Meritlilin ≫ P2r6522e4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6522e4 Version-

Meritlilin ≫ P2r6322ae2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6322ae2 Version-

Meritlilin ≫ P2r6322ae4 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r6322ae4 Version-

Meritlilin ≫ P2r3022ae2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2r3022ae2 Version-

Meritlilin ≫ P2g1022 Firmware Version < 7.1.94.8908

Meritlilin ≫ P2g1022 Version-

Meritlilin ≫ P2g1022x Firmware Version < 7.1.94.8908

Meritlilin ≫ P2g1022x Version-

Meritlilin ≫ Z2r8852ax Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8852ax Version-

Meritlilin ≫ Z2r8152x-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8152x-p Version-

Meritlilin ≫ Z2r8152x2-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8152x2-p Version-

Meritlilin ≫ Z2r8052ex25 Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8052ex25 Version-

Meritlilin ≫ Z2r6552x Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6552x Version-

Meritlilin ≫ Z2r6452ax Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6452ax Version-

Meritlilin ≫ Z2r6452ax-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6452ax-p Version-

Meritlilin ≫ Z2r8822ax Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8822ax Version-

Meritlilin ≫ Z2r8122x-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8122x-p Version-

Meritlilin ≫ Z2r8122x2-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8122x2-p Version-

Meritlilin ≫ Z2r8022ex25 Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r8022ex25 Version-

Meritlilin ≫ Z2r6522x Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6522x Version-

Meritlilin ≫ Z2r6422ax Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6422ax Version-

Meritlilin ≫ Z2r6422ax-p Firmware Version < 7.1.94.8908

Meritlilin ≫ Z2r6422ax-p Version-

Meritlilin ≫ P3r6322e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P3r6322e2 Version-

Meritlilin ≫ P3r6522e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P3r6522e2 Version-

Meritlilin ≫ P3r8822e2 Firmware Version < 7.1.94.8908

Meritlilin ≫ P3r8822e2 Version-

Meritlilin ≫ Z3r6422x3 Firmware Version < 7.1.94.8908

Meritlilin ≫ Z3r6422x3 Version-

Meritlilin ≫ Z3r6522x Firmware Version < 7.1.94.8908

Meritlilin ≫ Z3r6522x Version-

Meritlilin ≫ Z3r8922x3 Firmware Version < 7.1.94.8908

Meritlilin ≫ Z3r8922x3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.56%	0.872

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

Third Party Advisory

https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

Third Party Advisory

https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2021-30167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30167

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-30167