- [Post-Auth]Command Injection
- [Pre-Auth]Broken Access Control
- [Pre-Auth]Remote Admin Credential Disclosure-1
- [Pre-Auth]Remote Admin Credential Disclosure-2
7.2 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A Command Injection vulnerability in the NTP Setting that allows authenticated administrator to execute arbitrary commands with root privileges.
An attacker can execute arbitrary commands to install malware.
9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
It allows attackers to create arbitrary user via /apply2.cgi without any authentication.
An attacker can create arbitrary user to bypass authentication.
9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The device stores the administrator's sensitive information page, without proper protection.
Remote attackers can obtain the administrator's account password without authorization to control the device.
5.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
The user credentials be stored in html(/new/setup.htm) with base64 encode.
The leaked user credentials of the system can be taken for further attack.
- LILIN IP Camera P2: Firmware Version: <=7.1.94.8908
- LILIN IP Camera Z2: Firmware Version: <=7.1.94.8908
- ChunHao Yang(CHT Security)
- Keniver Wang(CHT Security)