CVE-2021-30168

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-30168
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e Third Party Advisory
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388 Third Party Advisory
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-04-28 10:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-30168

Mitre link : CVE-2021-30168

CVE.ORG link : CVE-2021-30168

JSON object : View

Products Affected

meritlilin

  • z2r6422ax-p
  • p2r6852e2
  • z2r8022ex25_firmware
  • z2r6422ax
  • p2r8852e2_firmware
  • z2r6452ax-p
  • p3r6322e2_firmware
  • p2r6852e2_firmware
  • z2r6552x_firmware
  • p2r3022ae2_firmware
  • z2r8822ax_firmware
  • p3r6522e2
  • p2r6322ae2_firmware
  • z2r8152x-p
  • p2r8822e4_firmware
  • p2r6522e4
  • p3r8822e2
  • p2r6352ae2_firmware
  • p2g1022
  • p2r6822e2_firmware
  • p2r6552e4
  • z2r8022ex25
  • p2r8852e4
  • p2r6522e2_firmware
  • z3r6422x3_firmware
  • p2r6352ae4
  • p2g1052_firmware
  • z2r8852ax_firmware
  • p2r8822e4
  • z2r8152x2-p_firmware
  • p2r8822e2
  • p2r6522e4_firmware
  • z2r6452ax_firmware
  • z2r6522x_firmware
  • p2r6322ae4_firmware
  • p2r6822e4_firmware
  • p2r6322ae4
  • p2r8852e4_firmware
  • z2r8052ex25_firmware
  • p2r6552e4_firmware
  • p2r6352ae4_firmware
  • p2r6552e2
  • p2r3022ae2
  • z2r8122x2-p_firmware
  • p2g1052
  • z3r6522x_firmware
  • p2g1022x
  • z2r8852ax
  • z2r6552x
  • z2r8052ex25
  • z2r6452ax
  • z2r6422ax_firmware
  • p2r6352ae2
  • p2r6322ae2
  • p2r3052ae2_firmware
  • p2r8852e2
  • z2r8152x-p_firmware
  • z2r8122x-p
  • z3r8922x3_firmware
  • p2r6822e4
  • p2r6822e2
  • z2r6522x
  • p2g1022_firmware
  • p2r6852e4_firmware
  • z2r6422ax-p_firmware
  • p2g1022x_firmware
  • z3r6522x
  • z2r8122x-p_firmware
  • z2r8122x2-p
  • p2r3052ae2
  • z3r6422x3
  • p2r6552e2_firmware
  • p2r6852e4
  • p2r6522e2
  • z3r8922x3
  • z2r8152x2-p
  • p3r6322e2
  • p3r6522e2_firmware
  • p2r8822e2_firmware
  • z2r8822ax
  • p3r8822e2_firmware
  • z2r6452ax-p_firmware
CWE
CWE-522

Insufficiently Protected Credentials

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor