{"containers": {"cna": {"affected": [{"product": "P2/Z2/P3/Z3 IP camera firmware", "vendor": "MERIT LILIN ENT.CO.,LTD.", "versions": [{"lessThanOrEqual": "7.1.94.8908", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-28T09:30:43", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e"}, {"tags": ["x_refsource_MISC"], "url": "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388"}], "solutions": [{"lang": "en", "value": "Update P2/Z2/P3/Z3 IP camera firmware to SVN9695."}], "source": {"advisory": "TVN-202104002", "discovery": "EXTERNAL"}, "title": "MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Command Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-04-28T09:08:00.000Z", "ID": "CVE-2021-30166", "STATE": "PUBLIC", "TITLE": "MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P2/Z2/P3/Z3 IP camera firmware", "version": {"version_data": [{"version_affected": "<=", "version_value": "7.1.94.8908"}]}}]}, "vendor_name": "MERIT LILIN ENT.CO.,LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html"}, {"name": "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf", "refsource": "MISC", "url": "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf"}, {"name": "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e", "refsource": "MISC", "url": "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e"}, {"name": "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388", "refsource": "MISC", "url": "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388"}]}, "solution": [{"lang": "en", "value": "Update P2/Z2/P3/Z3 IP camera firmware to SVN9695."}], "source": {"advisory": "TVN-202104002", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-30166", "datePublished": "2021-04-28T00:00:00", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2021-04-28T09:30:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFB3042C-114F-4ED1-BA00-F20A5C0BB6E2", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8A9131E-7A7A-48AA-A429-6699314C1380", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3841D1B9-CD30-4973-94F2-92320BF0C103", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B92D194-8C53-405B-ACB9-94C56ABD5107", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "586C449F-5D4C-4CF5-B596-4053F8AB0687", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D94D053-743A-4AF6-9E05-6C7A87A8913C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A22430-713F-49C4-87F5-4FB86BB3E485", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6CC342A-E6D4-4ED7-B789-20FDA4FB3D0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "673FCCE6-2C02-48BD-B939-F4255E2CA75E", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "77F82003-A28A-49FB-8D95-097AE4FB1B76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E71580E-DB0C-4535-B024-C53545EEB48D", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "14491B1B-C538-4E89-A54E-7BC94D7B13C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3425C76-A78A-45A4-8A68-73B11EBBD01C", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E7BADDD-62D2-49B6-86C4-0E05BAF7EC14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64AA3B69-1A87-42DD-9A40-3F4F2D7E7B55", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*", "matchCriteriaId": "086E6695-0FFE-4BE9-9DDA-45BE7C99D08D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4158A2E5-FFC4-4AEE-BCB7-BDF0B0E48230", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C42315B3-4517-445F-86E3-BC40232F5C3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5549217-0A9A-427F-ACE3-715A6659751C", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*", "matchCriteriaId": "82C89F93-BC20-4900-B8E6-B69748CCF092", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A91BE4-5D41-47D1-819B-A643B5CF004E", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6009643F-3561-46DC-826A-468F151E70E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25B11AE1-0BA2-4CFC-A380-E1C1B4ABBEDC", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "511A3B5D-0072-45E2-9E15-374878CB6B0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F733549-52C0-4446-99C2-1810F4CB0986", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C58F1D2D-8819-4C2B-B09A-B0994AA1F88D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C2E927A-A1FC-4119-8461-CB1FAB017450", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7099C696-1D93-4F30-BE3E-882FBCC038DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C02C3F98-AE69-42CF-96D2-B3395CAFD9A5", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7FDCC54-133A-4B07-8EC7-A67F549DC36B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC814A10-FB02-4514-83DE-FA50E15B718B", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "F331BA80-FD4D-441F-806D-C0AF83DA11C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4A05F71-3B29-4C76-B22D-D863BFC9F3D7", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5C6C6F4-9C6E-4766-82D3-FA15EF407229", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F033D14F-D552-4405-B8E3-86DC321DFA55", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*", "matchCriteriaId": "469978BD-A042-48F4-B84C-8A0CC4FC0E6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23CF2710-27A7-422C-8B75-BEC9FA0FCEDA", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE10197E-C9DB-44AA-9DD5-7B7B0F9928B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D465D429-4EB0-4CBC-A909-7D8F08778073", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*", "matchCriteriaId": "23C92472-6E8E-420F-BFDE-049AC04119FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD289724-B816-4CC8-887E-47ED3AB91A1C", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B90FBD-F9B9-4148-A684-16CF619C288C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "982899DC-A4D1-42D9-918A-D94A1F4FB2C1", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7A487D8-6707-408D-A518-8BB3F9A722E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "655AC751-6600-478E-9EBD-A74426688E06", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0583B058-0526-4E5F-A3D7-45FAE9319211", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49D69485-E371-46E1-8304-AD227E9FA1B6", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "129F9D32-D19E-492D-AA76-3A46B92C7B45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F178AD2-A191-4B0E-9277-8FBDC47EBB71", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*", "matchCriteriaId": "60B747B7-2CD6-4CF7-9371-8EF93880E307", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32FA5EE1-CF52-4922-A274-FC4F1B69622A", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D2FA0C8-9658-4B11-B704-84375D6E5D7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E426C3C-09D9-40E2-B2C6-F1C44CC3B19D", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFD844D5-99A0-4B7D-BFC9-24479F4381C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAB99C4-C873-4024-B4D5-D87D485C78BB", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EF4ACEC-138D-4CB0-8CF7-427CAF3AE34E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDDB6F5E-8960-4FAB-8D03-78C2C9C64A68", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABC3ACBE-C2D0-4302-9ED1-0E12D6772E2D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAEED646-3171-407E-BFD6-69A822A98592", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "98A07293-5D9E-4065-855C-92610938C4FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF12021-1726-452B-A5B4-9088A9455B91", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB153E8F-E997-462C-A876-2C8338C3FF46", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4262E24-A9EE-446D-906D-DFCA9F388751", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*", "matchCriteriaId": "C930EF97-0E3E-4782-A0F1-DFBB9931A71A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "764E9C36-84F8-4A54-A4D3-5BFB0F621999", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*", "matchCriteriaId": "691D3A4C-12FB-4C62-9A44-A6F6F3497097", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "93C2A216-620C-4A19-B058-A196FF6EC53D", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A212B55-6EC4-4136-9AF6-F0B0514EBAA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2238B38-274F-441A-B96E-B790D347B109", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC54DA97-FCD0-4800-A5C7-A93EED87AE5E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D4B74D-4E42-4BF2-A69C-E53EB51CC76B", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "25FFC5F6-35D2-4ECC-9CE4-A6EAD55D0248", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25ABE04A-183C-4077-BD0E-4D920CFCBDCA", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D836DA90-CA22-416D-9AD1-2E04C8FBD285", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B232619-A97C-4C4A-B1C7-4B954274F2E1", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E20064E5-8988-4BB1-9731-46015374C29C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25BF7A29-2E39-41C1-A509-AC2331554070", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E5BADF1-23EB-418F-8E30-1616329C9B16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE621ECE-B0E2-41A3-8EA9-CA2935375DE2", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD6E9CD5-D9AC-473B-8A50-9BBDDC4551D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "881EEE2D-F400-41A1-BD59-35B569248C0D", "versionEndExcluding": "7.1.94.8908", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D830A98B-407C-4425-9371-D1813B5CA618", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission."}, {"lang": "es", "value": "La funci\u00f3n de configuraci\u00f3n del servidor NTP del dispositivo de c\u00e1mara IP no es comprobada con un par\u00e1metro especial.&#xa0;Unos atacantes remotos pueden llevar a cabo un ataque de inyecci\u00f3n de comandos y ejecutar comandos arbitrarios despu\u00e9s de iniciar sesi\u00f3n con el permiso privilegiado"}], "id": "CVE-2021-30166", "lastModified": "2021-05-05T20:36:10.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2021-04-28T10:15:08.647", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388"}, {"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}