LILIN IP Camera P2/Z2 Multiple Vulnerabilities
Summary
Vulnerability List
- [Post-Auth] Command Injection
- [Pre-Auth] Broken Access Control
- [Pre-Auth] Remote Admin Credential Disclosure-1
- [Pre-Auth] Remote Admin Credential Disclosure-2
Details
1. High - [CVE-2021-30166] Command Injection
CVSSv3.1 Score
7.2 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description
A command injection vulnerability in the NTP setting allows an authenticated administrator to execute arbitrary commands with root privileges.
Impact
An attacker holding administrator credentials can execute arbitrary commands on the device as root, for example to install malware. Because the issues below disclose or let an attacker create such credentials without authentication, the administrator requirement is not a meaningful barrier on an affected device.
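The following is an added illustration of the vulnerability class described above, not LILIN firmware code: the advisory does not name the parameter or the command line the NTP handler builds, so the `ntpdate -u <server>` command line, the parameter name and the sample payloads are assumptions. The vulnerable function pastes the untrusted NTP server value into a shell command string (the pattern behind a `system()` call); `shell_tokens` shows how `/bin/sh` would split that string, and the hardened functions allow-list the hostname and hand an argv list straight to the executable with no shell in between.

```python
"""Command-injection pattern in an NTP-server setting, vulnerable vs. hardened.
Constructed example; the 'ntpdate -u' command line is an assumption."""
import re
import shlex
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens, no
# leading/trailing hyphen, <= 63 chars per label, <= 253 chars in total.
# Dotted IPv4 literals match as well. Shell metacharacters never can.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_ntp_command(server: str) -> str:
    """Build the command line the way a vulnerable handler does: the untrusted
    value is interpolated into a string destined for system()/popen().
    Returned as a string here so the example never executes anything."""
    return f"ntpdate -u {server}"


def shell_tokens(cmd: str) -> list:
    """Tokenize a command line the way a POSIX shell would, keeping
    punctuation such as ';' '|' '&' as separate tokens, to show where an
    injected value breaks out of the intended single command."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


def is_valid_ntp_server(server: str) -> bool:
    """Allow-list check: only a syntactically valid hostname or IPv4 literal."""
    return bool(_HOSTNAME_RE.match(server))


def hardened_ntp_argv(server: str) -> list:
    """Hardened equivalent: validate first, then return an argv list that is
    passed to execve() directly, so no shell ever interprets the value.
    Raises ValueError for anything that fails validation."""
    if not is_valid_ntp_server(server):
        raise ValueError(f"invalid NTP server: {server!r}")
    return ["ntpdate", "-u", server]


def run_ntp_sync(server: str, dry_run: bool = True) -> list:
    """Validate and (optionally) run the sync with shell=False. Returns the
    argv that was or would have been executed."""
    argv = hardened_ntp_argv(server)
    if not dry_run:
        # shell=False: argv goes to the executable as-is, metacharacters inert.
        subprocess.run(argv, check=False)
    return argv


if __name__ == "__main__":
    payload = "pool.ntp.org;id"          # constructed injection payload
    cmd = vulnerable_ntp_command(payload)
    print("vulnerable command line:", cmd)
    print("as the shell sees it:   ", shell_tokens(cmd))
    print("allow-list accepts payload:", is_valid_ntp_server(payload))
    print("hardened argv for a valid host:", run_ntp_sync("pool.ntp.org"))
```

The allow-list approach is preferable to escaping (`shlex.quote`) because it also rejects values that are syntactically harmless but semantically wrong for the field, and it does not depend on every downstream consumer quoting correctly.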
2. Critical - [CVE-2021-30167] Broken Access Control
CVSSv3.1 Score
9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
The /apply2.cgi endpoint accepts user-creation requests without any authentication, so a remote attacker can create arbitrary users.
Impact
An attacker can create an arbitrary user account and log in with it, bypassing authentication entirely.
3. Critical - [CVE-2021-30168] Remote Admin Credential Disclosure-1
CVSSv3.1 Score
9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
A page containing the administrator's sensitive information is served by the device without proper access control.
Impact
Remote attackers can obtain the administrator's account password without authorization and use it to take control of the device.
4. Medium - [CVE-2021-30169] Remote Admin Credential Disclosure-2
CVSSv3.1 Score
5.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
User credentials are embedded in the HTML page /new/setup.htm, protected only by base64 encoding, which is reversible and provides no confidentiality.
Impact
The leaked credentials can be used for further attacks against the device.
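An added check for the credential-disclosure class described above; this is not LILIN code and the advisory does not give the layout of /new/setup.htm, so the sample page, its variable names and the dummy credentials in it are constructed. The scanner is layout-agnostic: it pulls every base64-looking token out of an HTML body, strictly decodes the ones that are valid base64, and reports those that decode to printable text, which is exactly what a base64-"protected" credential looks like. Run with a URL argument it fetches the page without credentials, matching the pre-auth nature of the issue.

```python
"""Find base64-encoded secrets embedded in an HTML page.
Constructed example; SAMPLE_HTML and its values are made up, not the real page."""
import base64
import binascii
import re
import string
import sys
import urllib.request

# Constructed sample page. The encoded values are dummies: "admin",
# "camera123" and "hidden_value".
SAMPLE_HTML = """<html><head><title>Setup</title></head><body>
<script>
var user = "YWRtaW4=";
var pass = "Y2FtZXJhMTIz";
var fwver = "7.1.94.8908";
</script>
<input type="hidden" name="token" value="aGlkZGVuX3ZhbHVl">
<img src="/img/logo.png">
</body></html>"""

# A run of base64 alphabet characters with optional '=' padding, not glued to
# further alphabet characters on either side.
_B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/])([A-Za-z0-9+/]{6,}={0,2})(?![A-Za-z0-9+/=])"
)
_PRINTABLE = set(string.printable) - set("\x0b\x0c")


def _looks_textual(data: bytes) -> bool:
    """True if the decoded bytes are non-empty printable ASCII."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return text != "" and all(c in _PRINTABLE for c in text)


def find_base64_secrets(html: str) -> list:
    """Return [(token, decoded_text), ...] for every candidate token in the
    page that is valid, properly padded base64 and decodes to printable text.
    Ordinary words ('script', 'hidden') are filtered out by the length and
    strict-decoding checks; anything that survives deserves a look."""
    findings = []
    for m in _B64_TOKEN.finditer(html):
        token = m.group(1)
        if len(token) < 8 or len(token) % 4:   # base64 comes in 4-char groups
            continue
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if _looks_textual(raw):
            findings.append((token, raw.decode("ascii")))
    return findings


def fetch_unauthenticated(url: str, timeout: float = 5.0) -> str:
    """Fetch a page sending no credentials at all. Network use only; the
    offline sample above is what the tests exercise."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Usage: python3 this_script.py http://<camera>/new/setup.htm
    html = fetch_unauthenticated(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HTML
    for token, plain in find_base64_secrets(html):
        print(f"{token} -> {plain!r}")
```

Against a device, any hit on an unauthenticated fetch of /new/setup.htm is a finding regardless of the decoded value; a page that genuinely needs to carry credentials should require a session first and never send them to the browser at all.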
Products Affected
- LILIN IP Camera P2: Firmware Version: <=7.1.94.8908
- LILIN IP Camera Z2: Firmware Version: <=7.1.94.8908
Credits
- ChunHao Yang (CHT Security)
- Keniver Wang (CHT Security)