CVE-2021-30169

Description

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Related CPE's

omeritlilinp2r8852e2_firmware********
vulnerable
hmeritlilinp2r8852e2-*******
omeritlilinp2r8852e4_firmware********
vulnerable
hmeritlilinp2r8852e4-*******
omeritlilinp2r6852e2_firmware********
vulnerable
hmeritlilinp2r6852e2-*******
omeritlilinp2r6852e4_firmware********
vulnerable
hmeritlilinp2r6852e4-*******
omeritlilinp2r6552e2_firmware********
vulnerable
hmeritlilinp2r6552e2-*******

References

https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.html

Third Party Advisory

https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

Third Party Advisory

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

7.5

BaseSeverity

HIGH

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE