go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Command Injection

TVN ID TVN-202104002
CVE ID CVE-2021-30166
CVSS 7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera firmware prior version 7.1.94.8908
Description The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Solution Update P2/Z2/P3/Z3 IP camera firmware to SVN9695
Credit keniver
Public Date 2021-04-28

Links

  1. CVE-2021-30166
  2. 利凌企業股份有限公司網路商品資安漏洞修正通知
  3. LILIN IP Camera P2/Z2 Multiple Vulnerabilities
  4. CHT Security Red Team Discovered Several Vulnerabilities in Well-Known IP Camera
Top