← back
CVE-2021-30167

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

CVSS 9.8 CRITICALEPSS 2.4%CWE-522
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MERIT LILIN ENT.CO.,LTD. · P2/Z2/P3/Z3 IP camera firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3ehttps://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdfhttps://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html