CVE-2021-30167

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

CVSS 9.8 CRITICALEPSS 2.4%CWE-522

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

MERIT LILIN ENT.CO.,LTD. · P2/Z2/P3/Z3 IP camera firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388 https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html