CVE-2021-30168
CRITICAL EXPLOITED
Meritlilin P2R/P2G Firmware < 7.1.94.8908 - Unauthenticated Credential Exposure
Title source: llm
Exploitation Summary
CVE-2021-30168 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Sensitive information on the webcam device is not properly protected. Remote attackers can obtain the administrator's credentials without authentication and take further control of the devices.
References (4)
Core References
Vendor Advisory x_refsource_misc
https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
Third Party Advisory x_refsource_misc
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html
Scores
CVSS v3
9.8
EPSS
0.0213
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-11-25
CWE
CWE-200
CWE-522
Status
published
Products (41)
meritlilin/p2g1022_firmware
< 7.1.94.8908
meritlilin/p2g1022x_firmware
< 7.1.94.8908
meritlilin/p2g1052_firmware
< 7.1.94.8908
meritlilin/p2r3022ae2_firmware
< 7.1.94.8908
meritlilin/p2r3052ae2_firmware
< 7.1.94.8908
meritlilin/p2r6322ae2_firmware
< 7.1.94.8908
meritlilin/p2r6322ae4_firmware
< 7.1.94.8908
meritlilin/p2r6352ae2_firmware
< 7.1.94.8908
meritlilin/p2r6352ae4_firmware
< 7.1.94.8908
meritlilin/p2r6522e2_firmware
< 7.1.94.8908
... and 31 more
Published
Apr 28, 2021
Tracked Since
Feb 18, 2026