CVE-2021-30167

critical

Description

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

References

Advisories
More

https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388

https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e

https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html

https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Details

Source: Mitre, NVD

Published: 2021-04-28

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03016

Detections

Analytics