PT-2025-29893 · Lilin · Lilin Digital Video Recorder
360 Netlab · Published 2025-07-16 · Updated 2025-10-27 · CVE-2025-34132
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
LILIN Digital Video Recorder (DVR) versions prior to 2.0b60 20200207
Description
A command injection issue exists in LILIN Digital Video Recorder (DVR) devices. The web service at /z/zbin/dvr_box does not properly sanitize input provided to the Server field within the NTPUpdate configuration. This allows remote attackers to inject and execute arbitrary commands as root by supplying crafted XML data to the DVRPOST interface.
Recommendations
Update LILIN Digital Video Recorder (DVR) to version 2.0b60 20200207 or later.
Fix
OS Command Injection
RCE
Related Identifiers
Affected Products
Lilin Digital Video Recorder