CVE-2021-30166

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-30166
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e Third Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388 Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-04-28 10:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-30166

Mitre link : CVE-2021-30166

CVE.ORG link : CVE-2021-30166

JSON object : View

Products Affected

meritlilin

  • z2r6452ax_firmware
  • z3r6522x
  • p3r6322e2
  • p2g1022_firmware
  • z3r6422x3
  • p2r8822e4
  • p2r6852e2_firmware
  • z2r8152x2-p
  • p2r6522e4
  • z2r8852ax
  • p3r6522e2
  • p2g1022
  • z2r6422ax-p
  • z2r8122x2-p_firmware
  • p3r6522e2_firmware
  • p2r6352ae2
  • p2r6822e2_firmware
  • z2r6522x_firmware
  • p2r6522e2_firmware
  • z2r6452ax
  • p2r6352ae4_firmware
  • p2r8822e4_firmware
  • p2r8852e2
  • z2r8022ex25_firmware
  • z2r6422ax
  • p2r6352ae2_firmware
  • p3r8822e2_firmware
  • p2r6322ae4
  • p2r6552e2_firmware
  • z2r8122x-p
  • z3r8922x3
  • p3r6322e2_firmware
  • p2r3052ae2_firmware
  • z2r8052ex25
  • z2r6552x_firmware
  • p2r8822e2_firmware
  • p2r6822e4
  • p3r8822e2
  • p2g1052_firmware
  • p2r6322ae4_firmware
  • z2r8152x-p
  • z2r8052ex25_firmware
  • z2r6422ax_firmware
  • p2r6552e4_firmware
  • p2r6322ae2_firmware
  • p2r6352ae4
  • z3r6422x3_firmware
  • p2r6822e4_firmware
  • z2r6552x
  • p2r3022ae2
  • z2r8152x-p_firmware
  • p2r6852e4_firmware
  • p2g1052
  • p2r3052ae2
  • z2r8122x-p_firmware
  • p2r3022ae2_firmware
  • p2r6552e4
  • p2r6322ae2
  • p2r6552e2
  • z2r8152x2-p_firmware
  • p2g1022x
  • z2r8122x2-p
  • z2r6452ax-p_firmware
  • p2g1022x_firmware
  • p2r6852e4
  • z2r8022ex25
  • p2r6822e2
  • z2r8822ax_firmware
  • z2r8852ax_firmware
  • p2r8822e2
  • p2r6852e2
  • p2r8852e4_firmware
  • z2r6422ax-p_firmware
  • p2r8852e2_firmware
  • z2r6452ax-p
  • p2r6522e4_firmware
  • z3r6522x_firmware
  • p2r6522e2
  • z2r8822ax
  • z2r6522x
  • p2r8852e4
  • z3r8922x3_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')