CVE-2021-30167

high-risk
Published 2021-04-28

The manage users profile service of the network camera device allows authenticated remote attackers to modify URL parameters, amend users' information, and escalate privileges to control the devices.

Do I need to act?

3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

P2R8852E2 Firmware
P2R8852E4 Firmware
P2R6852E2 Firmware
P2R6852E4 Firmware
P2R6552E2 Firmware
P2R6552E4 Firmware
P2R6352Ae2 Firmware
P2R6352Ae4 Firmware
P2R3052Ae2 Firmware
P2G1052 Firmware
P2R8822E2 Firmware
P2R8822E4 Firmware
P2R6822E2 Firmware
P2R6822E4 Firmware
P2R6522E2 Firmware
P2R6522E4 Firmware
P2R6322Ae2 Firmware
P2R6322Ae4 Firmware
P2R3022Ae2 Firmware
P2G1022 Firmware

Affected Vendors

63 / 100 high-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 24/34 · High