CVE-2021-30165

7.5 HIGH

📋 TL;DR

EDIMAX wireless network cameras have a hard-coded default administrator account and password in their firmware. Remote attackers can extract these credentials by reverse-engineering the firmware, then gain privileged access to control the devices. All users of affected EDIMAX camera models are vulnerable.

💻 Affected Systems

Products:
  • EDIMAX wireless network cameras
Versions: All versions with hard-coded credentials (specific models not detailed in CVE)
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices using the vulnerable firmware are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control of cameras, enabling them to view live feeds, disable cameras, modify settings, or use cameras as footholds into internal networks.

🟠 Likely Case

Attackers compromise cameras to spy on private areas, disable security monitoring, or use devices in botnets for DDoS attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the cameras themselves, with no lateral movement into the rest of the network.

🌐 Internet-Facing: HIGH - Cameras exposed to the internet can be attacked directly, with no need for internal network access.
🏢 Internal Only: MEDIUM - Attackers need internal network access, but credentials are easily obtainable from firmware.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Attackers need to extract credentials from firmware first, but once obtained, exploitation is trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html

Restart Required: No

Instructions:

No official patch available. Contact EDIMAX for firmware updates or replacement options.

🔧 Temporary Workarounds

Change Default Credentials

all

Immediately change the administrator password to a strong, unique password.

Log in to the camera web interface > Administration > Change Password

Network Segmentation

all

Place cameras on isolated VLANs with strict firewall rules preventing internet access.

🧯 If You Can't Patch

  • Remove cameras from internet-facing positions and place behind VPN or strict firewall
  • Implement network monitoring for suspicious access attempts to camera management interfaces

🔍 How to Verify

Check if Vulnerable:

Check whether you can log in with the default credentials (consult the device documentation for the defaults) or whether the firmware contains hard-coded credentials.

Check Version:

Check camera web interface > System Information > Firmware Version

Verify Fix Applied:

Verify that you cannot log in with the default credentials and that only strong custom credentials work.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts followed by successful admin login
  • Configuration changes from unknown IPs
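
The two log indicators above can be correlated with a short script. This is an added example, not part of the original advisory or any EDIMAX tooling; the log layout (`timestamp src_ip event user`), the event names other than `login_success`, the allowlist of management hosts and the thresholds are all assumptions to adapt to whatever your cameras or syslog collector actually emit.

```python
from datetime import datetime, timedelta

# Constructed sample log lines; the "timestamp src_ip event user" layout is an
# assumption, not a documented EDIMAX log format.
SAMPLE_LOG = """\
2021-04-20T10:00:01 203.0.113.7 login_failure admin
2021-04-20T10:00:05 203.0.113.7 login_failure admin
2021-04-20T10:00:09 203.0.113.7 login_failure admin
2021-04-20T10:00:14 203.0.113.7 login_success admin
2021-04-20T10:01:30 203.0.113.7 config_change admin
2021-04-20T11:15:00 192.168.10.5 login_success admin
2021-04-20T11:16:10 192.168.10.5 config_change admin
2021-04-20T12:00:00 192.168.10.9 login_failure admin
2021-04-20T12:30:00 192.168.10.9 login_success admin
"""
KNOWN_ADMIN_IPS = {"192.168.10.5", "192.168.10.9"}  # hypothetical management hosts
WINDOW = timedelta(minutes=5)   # how long a failed attempt stays relevant
MIN_FAILURES = 3                # failures required before a success is flagged

def detect(log_text, known_ips=KNOWN_ADMIN_IPS):
    """Return (rule, src_ip, timestamp) tuples for the two log indicators."""
    alerts = []
    failures = {}  # src_ip -> timestamps of recent failed logins
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        _, ip, event, user = parts
        # Keep only failures from this source that are still inside the window.
        recent = [t for t in failures.get(ip, []) if ts - t <= WINDOW]
        if event == "login_failure":
            failures[ip] = recent + [ts]
        elif event == "login_success":
            if user == "admin" and len(recent) >= MIN_FAILURES:
                alerts.append(("failures_then_admin_login", ip, parts[0]))
            failures[ip] = []  # a success resets the failure streak
        elif event == "config_change" and ip not in known_ips:
            alerts.append(("config_change_unknown_ip", ip, parts[0]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A login that uses credentials recovered from firmware succeeds on the first attempt and leaves no failure streak, so the unknown-source rule is the one more likely to fire in that case.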

Network Indicators:

  • Unexpected traffic from camera to external IPs
  • Brute-force attempts on camera management ports

SIEM Query:

source="camera_logs" AND (event="login_success" AND user="admin")
