CVE-2021-30166

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

MISC: https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
MISC: https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
MISC: https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
MISC: https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30166

14 years
257 countries
687k users
4547k calculations
Logo reolink.com
Logo www.clarecontrols.com
Logo www.eleksys.cz
Logo ru.kedacom.com
Logo www.use-ip.co.uk
Logo blog.camcloud.com