Merit LILIN DVR Firmware vulnerabilities
3 known vulnerabilities affecting merit_lilin/dvr_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 3
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2025-34132 | P1 | CRITICAL | CVSS 9.3 | CWE-20 | Exploited | fixed in 2.0b60_20200207 | 2025-07-16
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially c
Source: NVD
CVE-2025-34129 | P1 | HIGH | CVSS 8.7 | CWE-20 | Exploited | fixed in 2.0b60_20200207 | 2025-07-16
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fiel
Source: NVD
CVE-2025-34130 | P2 | HIGH | CVSS 8.7 | CWE-200 | Exploited | fixed in 2.0b60_20200207 | 2025-07-16
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command inject
Source: NVD