CNNVD-202507-2285 Information
CNNVD ID
CNNVD-202507-2285
Related CVE
- CNNVD Published: 2025-07-16
Description (Chinese)
LILIN Digital Video Recorder是中国台湾利凌(LILIN)公司的一款录像机。 LILIN Digital Video Recorder 2.0b60_20200207之前版本存在安全漏洞,该漏洞源于/z/zbin/dvr_box的Web服务未能正确清理NTPUpdate配置中Server字段的输入,可能导致远程攻击者通过特制XML数据执行任意命令。
Description (English)
LILIN Digital Video Recoder is a video recorder of Lilin, a company in Taiwan, China. The LILIN Digital Video Reformer 2.0b60 20200207 pre-version contains a security loophole that originates from the failure of the Web service/z/zbin/dvr box to properly clean up the input of the Server field in the NTPUpdate configuration, which may result in the remote attacker carrying out an arbitrary order through the special XML data.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
利凌
Published
2025-07-16
Last Modified
2026-02-24
References
https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/ https://ducklingstudio.blog.fc2.com/blog-entry-400.html https://access.redhat.com/security/cve/cve-2025-34132
Patch
https://www.meritlilin.com/tw/support/file/type/Firmware
Share on: