
Description

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-16 | Updated 2026-05-15 | Assigner VulnCheck




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

Product status

Default status: unaffected

Any version before 2.0b60_20200207: affected

Credits

360 Netlab (finder)

References

blog.netlab.360.com/...-are-spreading-using-lilin-dvr-0-day/ third-party-advisory technical-description

www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf vendor-advisory patch

www.vulncheck.com/...ries/lilin-dvr-multiple-vulnerabilities third-party-advisory

cve.org (CVE-2025-34129)

nvd.nist.gov (CVE-2025-34129)
