Command Injection Vulnerability in LILIN Digital Video Recorder Devices
CVE-2025-34129

8.7 HIGH

Key Information:

Vendor
CVE Published: 16 July 2025

What is CVE-2025-34129?

A command injection flaw exists in LILIN Digital Video Recorder (DVR) devices due to inadequate input validation in the FTP and NTP Server configuration fields. An attacker with access to the device's configuration interface can upload a crafted XML file containing shell commands. These commands are subsequently executed with elevated permissions during configuration synchronization, compromising system integrity. The Moobot botnets have been identified as actively exploiting this vulnerability in the wild.

Affected Version(s)

DVR Firmware * < 2.0b60_20200207

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

360 Netlab