ID

VAR-202104-1273


CVE

CVE-2021-30166


TITLE

Vivotek VIVOTEK IP Camera Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-2068

DESCRIPTION

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission

Trust: 0.99

sources: NVD: CVE-2021-30166 // VULMON: CVE-2021-30166

IOT TAXONOMY

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:meritlilinmodel:z3r8922x3scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6452ax-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6552e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r8822e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r8852e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r8822e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8052ex25scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6852e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6822e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p3r6522e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6552e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6822e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8852axscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6422axscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6852e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2g1022scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6522xscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6522e4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6522e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6352ae4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8122x2-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2g1052scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6352ae2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8152x-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6322ae2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8122x-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z3r6522xscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r3052ae2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6422ax-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6452axscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2g1022xscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r6552xscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p3r6322e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p3r8822e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r6322ae4scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z3r6422x3scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8152x2-pscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8822axscope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:z2r8022ex25scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r8852e2scope:ltversion:7.1.94.8908

Trust: 1.0

vendor:meritlilinmodel:p2r3022ae2scope:ltversion:7.1.94.8908

Trust: 1.0

sources: NVD: CVE-2021-30166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30166
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2021-30166
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-2068
value: HIGH

Trust: 0.6

VULMON: CVE-2021-30166
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30166
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

twcert@cert.org.tw: CVE-2021-30166
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-30166 // CNNVD: CNNVD-202104-2068 // NVD: CVE-2021-30166 // NVD: CVE-2021-30166

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2021-30166

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2068

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-2068

PATCH

title:Vivotek VIVOTEK IP Camera Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148775

Trust: 0.6

sources: CNNVD: CNNVD-202104-2068

EXTERNAL IDS

db:NVDid:CVE-2021-30166

Trust: 1.8

db:CNNVDid:CNNVD-202104-2068

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2021-30166

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-30166 // CNNVD: CNNVD-202104-2068 // NVD: CVE-2021-30166

REFERENCES

url:https://www.meritlilin.com/assets/uploads/support/file/m00166-tw.pdf

Trust: 1.7

url:https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

Trust: 1.7

url:https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

Trust: 1.7

url:https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30166

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-30166 // CNNVD: CNNVD-202104-2068 // NVD: CVE-2021-30166

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2021-30166
db:CNNVDid:CNNVD-202104-2068
db:NVDid:CVE-2021-30166

LAST UPDATE DATE

2025-01-30T20:34:10.938000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-30166date:2021-05-05T00:00:00
db:CNNVDid:CNNVD-202104-2068date:2021-05-06T00:00:00
db:NVDid:CVE-2021-30166date:2024-11-21T06:03:26.307

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-30166date:2021-04-28T00:00:00
db:CNNVDid:CNNVD-202104-2068date:2021-04-28T00:00:00
db:NVDid:CVE-2021-30166date:2021-04-28T10:15:08.647