KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2021-30168

PUBLISHED

MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1

Exploited in the wild Remote Low complexity No user interaction

Vendor: MERIT LILIN ENT.CO.,LTD.
Product: P2/Z2/P3/Z3 IP camera firmware
Published: Apr 28, 2021
EPSS: —

Description

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-06-06 00:00:00 UTC · Source

References

https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 06, 2025

Timeline

CVE ID Reserved

April 06, 2021
CVE Published to Public

April 28, 2021
Added to KEVIntel

June 06, 2025