Details of VAR-202104-1274

ID

VAR-202104-1274

CVE

CVE-2021-30167

TITLE

network camera device Access control error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-2067

DESCRIPTION

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices

Trust: 0.99

sources: NVD: CVE-2021-30167 // VULMON: CVE-2021-30167

IOT TAXONOMY

category:

['camera device']

sub_category:

camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	meritlilin	model:	z3r8922x3	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6452ax-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6552e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r8822e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r8852e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r8822e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8052ex25	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6852e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6822e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p3r6522e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6552e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6822e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8852ax	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6422ax	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6852e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2g1022	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6522x	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6522e4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6522e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6352ae4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8122x2-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2g1052	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6352ae2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8152x-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6322ae2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8122x-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z3r6522x	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r3052ae2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6422ax-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6452ax	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2g1022x	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r6552x	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p3r6322e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p3r8822e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r6322ae4	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z3r6422x3	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8152x2-p	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8822ax	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	z2r8022ex25	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r8852e2	scope:	lt	version:	7.1.94.8908	Trust: 1.0
vendor:	meritlilin	model:	p2r3022ae2	scope:	lt	version:	7.1.94.8908	Trust: 1.0

sources: NVD: CVE-2021-30167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30167
value:	HIGH
Trust: 1.0
twcert@cert.org.tw:	CVE-2021-30167
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202104-2067
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-30167
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-30167
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

twcert@cert.org.tw:	CVE-2021-30167
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-30167 // CNNVD: CNNVD-202104-2067 // NVD: CVE-2021-30167 // NVD: CVE-2021-30167

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-306	Trust: 1.0

sources: NVD: CVE-2021-30167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2067

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202104-2067

PATCH

title:

network camera device Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=148774

Trust: 0.6

sources: CNNVD: CNNVD-202104-2067

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30167	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-2067	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-30167	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-30167 // CNNVD: CNNVD-202104-2067 // NVD: CVE-2021-30167

REFERENCES

url:	https://www.meritlilin.com/assets/uploads/support/file/m00166-tw.pdf	Trust: 1.7
url:	https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html	Trust: 1.7
url:	https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388	Trust: 1.7
url:	https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30167	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-30167 // CNNVD: CNNVD-202104-2067 // NVD: CVE-2021-30167

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-30167
db:	CNNVD	id:	CNNVD-202104-2067
db:	NVD	id:	CVE-2021-30167

LAST UPDATE DATE

2025-01-30T20:11:57.093000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-30167	date:	2021-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-2067	date:	2022-10-26T00:00:00
db:	NVD	id:	CVE-2021-30167	date:	2024-11-21T06:03:26.473

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-30167	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-2067	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-30167	date:	2021-04-28T10:15:08.697