LILIN DVR RCE via Malicious FTP/NTP Configuration_CVE-2025-34129

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Basic Information

ID CVE-2025-34129

Source VulnCheck

Published Jul 16, 2025 at 21:26

Modified Jul 22, 2025 at 14:10

Affected Product

Vendor Merit LILIN

Product DVR Firmware

Version *

Affected Versions Merit LILIN DVR Firmware *

CWE Classification

CWE-78 CWE-20

References

{
    "lastseen": "",
    "description": "A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.",
    "published": "2025-07-16T21:26:32.446Z",
    "modified": "2025-07-22T14:10:50.946Z",
    "type": "cve",
    "title": "LILIN DVR RCE via Malicious FTP/NTP Configuration",
    "source": "VulnCheck",
    "references": "https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/\nhttps://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf\nhttps://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities",
    "id": "CVE-2025-34129",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Merit LILIN DVR Firmware *",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DVR Firmware",
    "version": "*",
    "vendor": "Merit LILIN",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}