We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34129

LILIN DVR RCE via Malicious FTP/NTP Configuration



Description

A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Reserved 2025-04-15 | Published 2025-07-16 | Updated 2025-07-16 | Assigner VulnCheck


HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

Product status

Default status
unaffected

* before 2.0b60_20200207
affected

Credits

360 Netlab finder

References

blog.netlab.360.com/...-are-spreading-using-lilin-dvr-0-day/ third-party-advisory technical-description

www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf vendor-advisory patch

www.vulncheck.com/...ries/lilin-dvr-multiple-vulnerabilities third-party-advisory

cve.org (CVE-2025-34129)

nvd.nist.gov (CVE-2025-34129)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34129

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.