CVE-2021-30168

CRITICAL EXPLOITED

Webcam Device - Info Disclosure

Title source: llm

Description

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

References (4)

[Third Party Advisory] https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

[Third Party Advisory] https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

[Vendor Advisory] https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html

Scores

CVSS v3 9.8

EPSS 0.0182

EPSS Percentile 82.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2023-11-25

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (41)

meritlilin/p2r8852e2_firmware < 7.1.94.8908

meritlilin/p2r8852e4_firmware < 7.1.94.8908

meritlilin/p2r6852e2_firmware < 7.1.94.8908

meritlilin/p2r6852e4_firmware < 7.1.94.8908

meritlilin/p2r6552e2_firmware < 7.1.94.8908

meritlilin/p2r6552e4_firmware < 7.1.94.8908

meritlilin/p2r6352ae2_firmware < 7.1.94.8908

meritlilin/p2r6352ae4_firmware < 7.1.94.8908

meritlilin/p2r3052ae2_firmware < 7.1.94.8908

meritlilin/p2g1052_firmware < 7.1.94.8908

meritlilin/p2r8822e2_firmware < 7.1.94.8908

meritlilin/p2r8822e4_firmware < 7.1.94.8908

meritlilin/p2r6822e2_firmware < 7.1.94.8908

meritlilin/p2r6822e4_firmware < 7.1.94.8908

meritlilin/p2r6522e2_firmware < 7.1.94.8908

... and 26 more

Timeline

Published Apr 28, 2021

Tracked Since Feb 18, 2026