PT-2025-29891 · Lilin · Lilin Digital Video Recorder

360 Netlab · Published 2025-07-16 · Updated 2025-07-17 · CVE-2025-34129

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: LILIN Digital Video Recorder (DVR) versions prior to 2.0b60 20200207

Description: A command injection issue exists due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This issue was exploited in the wild by the Moobot botnets.

Recommendations: Update to firmware version 2.0b60 20200207 or later.
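
An added example (not Lilin's code and not part of the original advisory): an allowlist check for the FTP and NTP server fields of an uploaded configuration, applied before the values are stored or synced. The element paths and the sample documents are assumptions, since the advisory does not give the XML schema.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Hypothetical element paths: the advisory does not give the DVR's XML schema.
SERVER_FIELDS = {"FTP server": "./ftp/server", "NTP server": "./ntp/server"}

# One RFC 1123 label: letters, digits, inner hyphens, 1-63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_safe_host(value: str) -> bool:
    """Allowlist check: accept only an IP literal or a plain DNS hostname."""
    try:
        ipaddress.ip_address(value)
        # IPv6 zone IDs ("%...") may carry arbitrary characters, so refuse them.
        return "%" not in value
    except ValueError:
        pass
    # fullmatch (not match or "$") so a trailing newline cannot slip through.
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def audit_service_config(xml_text: str) -> list:
    """Return (field, value) pairs that must be rejected before any sync."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in an uploaded configuration")
    root = ET.fromstring(xml_text)
    findings = []
    for name, path in SERVER_FIELDS.items():
        for node in root.findall(path):
            value = node.text or ""
            if value and not is_safe_host(value):
                findings.append((name, value))
    return findings


# Constructed sample uploads (not captured from a real device).
CLEAN = ("<service><ftp><server>ftp.example.com</server></ftp>"
         "<ntp><server>192.0.2.10</server></ntp></service>")
TAMPERED = ("<service><ftp><server>ftp.example.com;echo constructed</server></ftp>"
            "<ntp><server>$(echo constructed)</server></ntp></service>")

if __name__ == "__main__":
    print(audit_service_config(CLEAN))
    print(audit_service_config(TAMPERED))
```

Validating against an allowlist at upload time complements the firmware update; the values should also never be interpolated into a shell command line.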

Fix

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-34129

Affected Products

Lilin Digital Video Recorder