Command Injection Vulnerability in IP Camera's NTP Server Configuration Function

Command Injection Vulnerability in IP Camera's NTP Server Configuration Function

CVE-2021-30166 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.

Learn more about our Cis Benchmark Audit For Server Software.