CVE-2021-30166

high-risk

Published 2021-04-28

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

Do I need to act?

7.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (20)

P2R8852E2 Firmware

P2R8852E4 Firmware

P2R6852E2 Firmware

P2R6852E4 Firmware

P2R6552E2 Firmware

P2R6552E4 Firmware

P2R6352Ae2 Firmware

P2R6352Ae4 Firmware

P2R3052Ae2 Firmware

P2G1052 Firmware

P2R8822E2 Firmware

P2R8822E4 Firmware

P2R6822E2 Firmware

P2R6822E4 Firmware

P2R6522E2 Firmware

P2R6522E4 Firmware

P2R6322Ae2 Firmware

P2R6322Ae4 Firmware

P2R3022Ae2 Firmware

P2G1022 Firmware

Affected Vendors

Meritlilin

References (8)

Third Party Advisory https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

Third Party Advisory https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

Vendor Advisory https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Third Party Advisory https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

Third Party Advisory https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

Third Party Advisory https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

Vendor Advisory https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Third Party Advisory https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

/ 100

high-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 24/34 · High