Vulnerability Details : CVE-2021-30169
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.
Vulnerability category: Information leak
Products affected by CVE-2021-30169
- cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-30169
- 1.02%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30169
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | TWCERT/CC | |
CWE ids for CVE-2021-30169
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: twcert@cert.org.tw (Secondary)
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-30169
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
  CHT Security Red Team Discovered Several Vulnerabilities in Well-Known IP Camera | 中華資安國際 CHT Security Co., Ltd. (Third Party Advisory)
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
  (Vendor Advisory)
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
  LILIN IP Camera P2 Z2 Multiple Vulnerabilities.md · GitHub (Third Party Advisory)
- https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.html
  TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center - Merit LILIN P2/Z2/P3/Z3 series IP cameras - Sensitive Data Exposure-2 (Third Party Advisory)