LILIN IP Camera P2 Z2 Multiple Vulnerabilities.md

LILIN IP Camera P2/Z2 Multiple Vulnerabilities

Summary

Vulnerability List

1. [Post-Auth]Command Injection
2. [Pre-Auth]Broken Access Control
3. [Pre-Auth]Remote Admin Credential Disclosure-1
4. [Pre-Auth]Remote Admin Credential Disclosure-2

Details

1. High - [CVE-2021-30166] Command Injection

CVSSv3.1 Score

7.2 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A Command Injection vulnerability in the NTP Setting that allows authenticated administrator to execute arbitrary commands with root privileges.

Impact

An attacker can execute arbitrary commands to install malware.

2. Critical - [CVE-2021-30167] Broken Access Control

CVSSv3.1 Score

9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

It allows attackers to create arbitrary user via /apply2.cgi without any authentication.

Impact

An attacker can create arbitrary user to bypass authentication.

3. Critical - [CVE-2021-30168]Remote Admin Credential Disclosure-1

CVSSv3.1 Score

9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The device stores the administrator's sensitive information page, without proper protection.

Impact

Remote attackers can obtain the administrator's account password without authorization to control the device.

4. Medium - [CVE-2021-30169]Remote Admin Credential Disclosure-2

CVSSv3.1 Score

5.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The user credentials be stored in html(/new/setup.htm) with base64 encode.

Impact

The leaked user credentials of the system can be taken for further attack.

Products Affected

• LILIN IP Camera P2: Firmware Version: <=7.1.94.8908
• LILIN IP Camera Z2: Firmware Version: <=7.1.94.8908

Credits

• ChunHao Yang(CHT Security)
• Keniver Wang(CHT Security)