{“lastseen”:””,”description”:”Certain DVR\/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.”,”published”:”2026-01-12T05:58:52.175Z”,”modified”:”2026-01-12T05:58:52.175Z”,”type”:”cve”,”title”:”Merit LILIN\uff5cNVR – OS Command Injection”,”source”:”twcert”,”references”:”https:\/\/www.twcert.org.tw\/tw\/cp-132-10624-6599c-1.html\\nhttps:\/\/www.twcert.org.tw\/en\/cp-139-10623-4f523-2.html”,”id”:”CVE-2026-0854″,”bulletinFamily”:””,”cwe”:[“CWE-78″],”cvelist”:null,”sourceData”:”Merit LILIN DH032 0\\nMerit LILIN DVR708 0\\nMerit LILIN DVR716 0\\nMerit LILIN DVR804 0\\nMerit LILIN DVR808 0\\nMerit LILIN DVR816 0\\nMerit LILIN NVR100L 0\\nMerit LILIN NVR200L 0\\nMerit LILIN NVR400L 0\\nMerit LILIN NVR1400L 0\\nMerit LILIN NVR2400L 0\\nMerit LILIN NVR3216 0\\nMerit LILIN NVR3416 0\\nMerit LILIN NVR3416r 0\\nMerit LILIN NVR3816 0\\nMerit LILIN NVR5832 0\\nMerit LILIN NVR5832S 0\\nMerit LILIN NVR5104E 0\\nMerit LILIN NVR5208E 0\\nMerit LILIN NVR5416E 0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”DH032, DVR708, DVR716, DVR804, DVR808, DVR816, NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L, NVR3216, NVR3416, NVR3416r, NVR3816, NVR5832, NVR5832S, NVR5104E, NVR5208E, NVR5416E”,”version”:”0″,”vendor”:”Merit LILIN”,”ai_description”:”OS Command Injection vulnerability in Merit LILIN DVR\/NVR models, allowing remote attackers to inject and execute arbitrary OS commands”,”ai_severity”:”High”,”ai_vendor”:”Merit LILIN”,”ai_product”:”DVR\/NVR models”,”ai_version”:”0″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Certain DVR\/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-35086","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n