CVE-2021-30167
EUVD-2021-1710328.04.2021, 10:15
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| meritlilin | p2r8852e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r8852e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6852e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6852e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6552e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6552e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6352ae2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6352ae4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r3052ae2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2g1052_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r8822e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r8822e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6822e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6822e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6522e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6522e4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6322ae2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r6322ae4_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2r3022ae2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2g1022_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p2g1022x_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8852ax_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8152x-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8152x2-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8052ex25_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6552x_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6452ax_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6452ax-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8822ax_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8122x-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8122x2-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r8022ex25_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6522x_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6422ax_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z2r6422ax-p_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p3r6322e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p3r6522e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | p3r8822e2_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z3r6422x3_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z3r6522x_firmware | 𝑥 < 7.1.94.8908 |
| meritlilin | z3r8922x3_firmware | 𝑥 < 7.1.94.8908 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References