Merit LILIN｜IP Camera – OS Command Injection_CVE-2026-0855

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

AI Analysis

OS Command Injection vulnerability in Merit LILIN IP Camera models, allowing remote attackers to inject and execute arbitrary OS commands.

Basic Information

ID CVE-2026-0855

Source twcert

Published Jan 12, 2026 at 06:44

Affected Product

Vendor Merit LILIN

Product P2

Affected Versions Merit LILIN P2 0
Merit LILIN P3 0
Merit LILIN Z7 0
Merit LILIN P6 0
Merit LILIN V1 0
Merit LILIN IPD 0
Merit LILIN IPR 0
Merit LILIN LD 0
Merit LILIN LR 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Merit LILIN

Product IP Camera

Version P2 0, P3 0, Z7 0, P6 0, V1 0, IPD 0, IPR 0, LD 0, LR 0

References

{
    "lastseen": "",
    "description": "Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.",
    "published": "2026-01-12T06:44:40.227Z",
    "modified": "2026-01-12T06:44:40.227Z",
    "type": "cve",
    "title": "Merit LILIN\uff5cIP Camera - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html\nhttps://www.twcert.org.tw/en/cp-139-10626-afbe2-2.html",
    "id": "CVE-2026-0855",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Merit LILIN P2 0\nMerit LILIN P3 0\nMerit LILIN Z7 0\nMerit LILIN P6 0\nMerit LILIN V1 0\nMerit LILIN IPD 0\nMerit LILIN IPR 0\nMerit LILIN LD 0\nMerit LILIN LR 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "P2",
    "version": "0",
    "vendor": "Merit LILIN",
    "ai_description": "OS Command Injection vulnerability in Merit LILIN IP Camera models, allowing remote attackers to inject and execute arbitrary OS commands.",
    "ai_severity": "High",
    "ai_vendor": "Merit LILIN",
    "ai_product": "IP Camera",
    "ai_version": "P2 0, P3 0, Z7 0, P6 0, V1 0, IPD 0, IPR 0, LD 0, LR 0",
    "ai_score": 8.7
}