Yuan-Chieh Chang

**Name of the Vulnerable Software and Affected Versions** Merit LILIN DVR/NVR models (affected versions not specified) Merit Lilin DH032 (affected versions not specified) **Description** An authenticated remote attacker can inject arbitrary OS commands on Merit LILIN DVR/NVR devices and execute them. This is due to an OS Command Injection issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Merit LILIN IP Camera models (affected versions not specified) **Description** Certain IP Camera models developed by Merit LILIN are susceptible to an OS Command Injection issue. Authenticated remote attackers can exploit this to inject and execute arbitrary OS commands on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.