Merit LILIN｜NVR – OS Command Injection_CVE-2026-0854

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

AI Analysis

OS Command Injection vulnerability in Merit LILIN DVR/NVR models, allowing remote attackers to inject and execute arbitrary OS commands

Basic Information

ID CVE-2026-0854

Source twcert

Published Jan 12, 2026 at 05:58

Affected Product

Vendor Merit LILIN

Product DH032, DVR708, DVR716, DVR804, DVR808, DVR816, NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L, NVR3216, NVR3416, NVR3416r, NVR3816, NVR5832, NVR5832S, NVR5104E, NVR5208E, NVR5416E

Affected Versions Merit LILIN DH032 0
Merit LILIN DVR708 0
Merit LILIN DVR716 0
Merit LILIN DVR804 0
Merit LILIN DVR808 0
Merit LILIN DVR816 0
Merit LILIN NVR100L 0
Merit LILIN NVR200L 0
Merit LILIN NVR400L 0
Merit LILIN NVR1400L 0
Merit LILIN NVR2400L 0
Merit LILIN NVR3216 0
Merit LILIN NVR3416 0
Merit LILIN NVR3416r 0
Merit LILIN NVR3816 0
Merit LILIN NVR5832 0
Merit LILIN NVR5832S 0
Merit LILIN NVR5104E 0
Merit LILIN NVR5208E 0
Merit LILIN NVR5416E 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Merit LILIN

Product DVR/NVR models

References

{
    "lastseen": "",
    "description": "Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.",
    "published": "2026-01-12T05:58:52.175Z",
    "modified": "2026-01-12T05:58:52.175Z",
    "type": "cve",
    "title": "Merit LILIN\uff5cNVR - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10624-6599c-1.html\nhttps://www.twcert.org.tw/en/cp-139-10623-4f523-2.html",
    "id": "CVE-2026-0854",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Merit LILIN DH032 0\nMerit LILIN DVR708 0\nMerit LILIN DVR716 0\nMerit LILIN DVR804 0\nMerit LILIN DVR808 0\nMerit LILIN DVR816 0\nMerit LILIN NVR100L 0\nMerit LILIN NVR200L 0\nMerit LILIN NVR400L 0\nMerit LILIN NVR1400L 0\nMerit LILIN NVR2400L 0\nMerit LILIN NVR3216 0\nMerit LILIN NVR3416 0\nMerit LILIN NVR3416r 0\nMerit LILIN NVR3816 0\nMerit LILIN NVR5832 0\nMerit LILIN NVR5832S 0\nMerit LILIN NVR5104E 0\nMerit LILIN NVR5208E 0\nMerit LILIN NVR5416E 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DH032, DVR708, DVR716, DVR804, DVR808, DVR816, NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L, NVR3216, NVR3416, NVR3416r, NVR3816, NVR5832, NVR5832S, NVR5104E, NVR5208E, NVR5416E",
    "version": "0",
    "vendor": "Merit LILIN",
    "ai_description": "OS Command Injection vulnerability in Merit LILIN DVR/NVR models, allowing remote attackers to inject and execute arbitrary OS commands",
    "ai_severity": "High",
    "ai_vendor": "Merit LILIN",
    "ai_product": "DVR/NVR models",
    "ai_version": "0",
    "ai_score": 8.7
}