CVE-2021-30167

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

CVSS 9.8 CRITICALEPSS 2.4%CWE-522

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

MERIT LILIN ENT.CO.,LTD. · P2/Z2/P3/Z3 IP camera firmware

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388 https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html