PT-2025-29892 · Lilin · Lilin Digital Video Recorder
360 Netlab · Published 2025-07-16 · Updated 2025-07-17 · CVE-2025-34130
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
LILIN Digital Video Recorder (DVR) versions prior to 2.0b60 20200207
Description
An unauthenticated arbitrary file read issue exists in LILIN Digital Video Recorder (DVR) devices. This allows attackers to read sensitive configuration files, such as /zconf/service.xml, potentially leading to further attacks like command injection. The /z/zbin/net_html.cgi endpoint is the entry point for this issue. This vulnerability has been exploited in the wild by botnets, including FBot and Moobot.
Recommendations
Update LILIN Digital Video Recorder (DVR) to version 2.0b60 20200207 or later.
Fix
Missing Authentication
Information Disclosure
Related Identifiers
Affected Products
Lilin Digital Video Recorder