Description
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.
References (4)
Not Applicable (x_refsource_misc): https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Vendor Advisory (x_refsource_misc): https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
Third Party Advisory (x_refsource_misc): https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
Third Party Advisory (x_refsource_misc): https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Scores
CVSS v3: 9.8
EPSS: 0.0244
EPSS Percentile: 82.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-306, CWE-522
Status: published
Products (41)
meritlilin/p2g1022_firmware < 7.1.94.8908
meritlilin/p2g1022x_firmware < 7.1.94.8908
meritlilin/p2g1052_firmware < 7.1.94.8908
meritlilin/p2r3022ae2_firmware < 7.1.94.8908
meritlilin/p2r3052ae2_firmware < 7.1.94.8908
meritlilin/p2r6322ae2_firmware < 7.1.94.8908
meritlilin/p2r6322ae4_firmware < 7.1.94.8908
meritlilin/p2r6352ae2_firmware < 7.1.94.8908
meritlilin/p2r6352ae4_firmware < 7.1.94.8908
meritlilin/p2r6522e2_firmware < 7.1.94.8908
... and 31 more
Published: Apr 28, 2021
Tracked Since: Feb 18, 2026