CVE-2021-30167 Vulnerability Details

  /     /     /  

CVE-2021-30167 Metadata Quick Info

CVE Published: 28/04/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: twcert | Vendor: MERIT LILIN ENT.CO.,LTD. | Product: P2/Z2/P3/Z3 IP camera firmware
Status : PUBLISHED

CVE-2021-30167 Description

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-522
CWE Name: CWE-522 Insufficiently Protected Credentials
Source: MERIT LILIN ENT.CO.,LTD.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).