CVE-2021-30166

HIGH

Meritlilin IP Camera Firmware < 7.1.94.8908 - Authenticated OS Command Injection via NTP Server Configuration

Description

The NTP server configuration function of the IP camera device does not verify special parameters. Remote attackers can perform a command injection attack and execute arbitrary commands after logging in with privileged permissions.

Scores

CVSS v3 7.2
EPSS 0.0379
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (41)
meritlilin/p2g1022_firmware < 7.1.94.8908
meritlilin/p2g1022x_firmware < 7.1.94.8908
meritlilin/p2g1052_firmware < 7.1.94.8908
meritlilin/p2r3022ae2_firmware < 7.1.94.8908
meritlilin/p2r3052ae2_firmware < 7.1.94.8908
meritlilin/p2r6322ae2_firmware < 7.1.94.8908
meritlilin/p2r6322ae4_firmware < 7.1.94.8908
meritlilin/p2r6352ae2_firmware < 7.1.94.8908
meritlilin/p2r6352ae4_firmware < 7.1.94.8908
meritlilin/p2r6522e2_firmware < 7.1.94.8908
... and 31 more
Published Apr 28, 2021
Tracked Since Feb 18, 2026