Login Sign Up

CVE-2021-30167

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2021-30167 is an authentication bypass vulnerability in network camera devices that allows authenticated remote attackers to modify URL parameters and escalate privileges to control devices. This affects network camera systems with vulnerable user profile management services. Attackers can gain administrative control over affected devices.

💻 Affected Systems

Products:
  • Merit LILIN network camera devices
Versions: Firmware versions prior to 2021-04-29
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with web management interfaces enabled. Requires authenticated access initially.

📦 What is this software?

P2g1022 Firmware by Meritlilin

View all CVEs affecting P2g1022 Firmware →

P2g1022x Firmware by Meritlilin

View all CVEs affecting P2g1022x Firmware →

P2g1052 Firmware by Meritlilin

View all CVEs affecting P2g1052 Firmware →

P2r3022ae2 Firmware by Meritlilin

View all CVEs affecting P2r3022ae2 Firmware →

P2r3052ae2 Firmware by Meritlilin

View all CVEs affecting P2r3052ae2 Firmware →

P2r6322ae2 Firmware by Meritlilin

View all CVEs affecting P2r6322ae2 Firmware →

P2r6322ae4 Firmware by Meritlilin

View all CVEs affecting P2r6322ae4 Firmware →

P2r6352ae2 Firmware by Meritlilin

View all CVEs affecting P2r6352ae2 Firmware →

P2r6352ae4 Firmware by Meritlilin

View all CVEs affecting P2r6352ae4 Firmware →

P2r6522e2 Firmware by Meritlilin

View all CVEs affecting P2r6522e2 Firmware →

P2r6522e4 Firmware by Meritlilin

View all CVEs affecting P2r6522e4 Firmware →

P2r6552e2 Firmware by Meritlilin

View all CVEs affecting P2r6552e2 Firmware →

P2r6552e4 Firmware by Meritlilin

View all CVEs affecting P2r6552e4 Firmware →

P2r6822e2 Firmware by Meritlilin

View all CVEs affecting P2r6822e2 Firmware →

P2r6822e4 Firmware by Meritlilin

View all CVEs affecting P2r6822e4 Firmware →

P2r6852e2 Firmware by Meritlilin

View all CVEs affecting P2r6852e2 Firmware →

P2r6852e4 Firmware by Meritlilin

View all CVEs affecting P2r6852e4 Firmware →

P2r8822e2 Firmware by Meritlilin

View all CVEs affecting P2r8822e2 Firmware →

P2r8822e4 Firmware by Meritlilin

View all CVEs affecting P2r8822e4 Firmware →

P2r8852e2 Firmware by Meritlilin

View all CVEs affecting P2r8852e2 Firmware →

P2r8852e4 Firmware by Meritlilin

View all CVEs affecting P2r8852e4 Firmware →

P3r6322e2 Firmware by Meritlilin

View all CVEs affecting P3r6322e2 Firmware →

P3r6522e2 Firmware by Meritlilin

View all CVEs affecting P3r6522e2 Firmware →

P3r8822e2 Firmware by Meritlilin

View all CVEs affecting P3r8822e2 Firmware →

Z2r6422ax Firmware by Meritlilin

View all CVEs affecting Z2r6422ax Firmware →

Z2r6422ax P Firmware by Meritlilin

View all CVEs affecting Z2r6422ax P Firmware →

Z2r6452ax Firmware by Meritlilin

View all CVEs affecting Z2r6452ax Firmware →

Z2r6452ax P Firmware by Meritlilin

View all CVEs affecting Z2r6452ax P Firmware →

Z2r6522x Firmware by Meritlilin

View all CVEs affecting Z2r6522x Firmware →

Z2r6552x Firmware by Meritlilin

View all CVEs affecting Z2r6552x Firmware →

Z2r8022ex25 Firmware by Meritlilin

View all CVEs affecting Z2r8022ex25 Firmware →

Z2r8052ex25 Firmware by Meritlilin

View all CVEs affecting Z2r8052ex25 Firmware →

Z2r8122x P Firmware by Meritlilin

View all CVEs affecting Z2r8122x P Firmware →

Z2r8122x2 P Firmware by Meritlilin

View all CVEs affecting Z2r8122x2 P Firmware →

Z2r8152x P Firmware by Meritlilin

View all CVEs affecting Z2r8152x P Firmware →

Z2r8152x2 P Firmware by Meritlilin

View all CVEs affecting Z2r8152x2 P Firmware →

Z2r8822ax Firmware by Meritlilin

View all CVEs affecting Z2r8822ax Firmware →

Z2r8852ax Firmware by Meritlilin

View all CVEs affecting Z2r8852ax Firmware →

Z3r6422x3 Firmware by Meritlilin

View all CVEs affecting Z3r6422x3 Firmware →

Z3r6522x Firmware by Meritlilin

View all CVEs affecting Z3r6522x Firmware →

Z3r8922x3 Firmware by Meritlilin

View all CVEs affecting Z3r8922x3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to disable security features, access video feeds, modify configurations, and use devices as footholds for network attacks.

🟠

Likely Case

Privilege escalation leading to unauthorized administrative access, configuration changes, and potential data exfiltration from camera systems.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and regular monitoring in place.

🌐 Internet-Facing: HIGH - Network cameras are often exposed to the internet for remote access, making them prime targets for exploitation.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit this, but requires initial authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit involves modifying URL parameters in user profile management requests. Requires initial authentication but leads to privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released April 29, 2021

Vendor Advisory: https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf

Restart Required: Yes

Instructions:

1. Download latest firmware from Merit LILIN support site. 2. Backup current configuration. 3. Upload firmware via web interface. 4. Apply update and restart device. 5. Verify firmware version post-update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate camera network from critical systems and restrict internet access

Access Control

all

Implement strict authentication policies and disable unnecessary user accounts

🧯 If You Can't Patch

  • Implement network segmentation to isolate camera devices from critical infrastructure
  • Enable logging and monitoring for suspicious authentication and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface. If version is older than April 29, 2021 release, device is vulnerable.

Check Version:

Login to camera web interface and navigate to System > Information to view firmware version

Verify Fix Applied:

Verify firmware version shows post-April 29, 2021 release and test user profile modification attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login
  • User privilege changes in logs
  • Unusual URL parameter modifications in web requests

Network Indicators:

  • HTTP requests with modified user profile parameters
  • Traffic to camera management interfaces from unexpected sources

SIEM Query:

source="camera_logs" AND (event_type="privilege_change" OR url_path="/cgi-bin/manage_user.cgi" AND parameters_modified="true")

📊 Metadata

CVE ID: CVE-2021-30167
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-522
Published: April 28, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30167, you might also want to check these:

CVE-2024-51545 10.0

This CVE describes a username enumeration vulnerability in ABB industrial control system products th...

Same vulnerability type (CWE-522)
CVE-2021-30116 10.0

CVE-2021-30116 is an authentication bypass vulnerability in Kaseya VSA that allows unauthenticated a...

Same vulnerability type (CWE-522)
CVE-2025-0867 9.9

This vulnerability allows standard users to execute commands with administrative privileges through ...

Same vulnerability type (CWE-522)