68 matches found
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34132
Summary: CVE-2025-34132 affects LILIN Digital Video Recorder (DVR) devices older than firmware version 2.0b60_20200207. The web service handling NTPUpdate config at /z/zbin/dvr_box does not properly sanitize input in the Server field, allowing a remote attacker to inject and execute arbitrary com...
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34132 LILIN DVR Command Injection via NTPUpdate in dvr_box
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34132 LILIN DVR Command Injection via NTPUpdate in dvr_box
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130
CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml , enabling further attacks including command injection. ...
CVE-2025-34129 LILIN DVR RCE via Malicious FTP/NTP Configuration
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
CVE-2025-34129
CVE-2025-34129 affects LILIN Digital Video Recorder (DVR) devices prior to firmware 2.0b60_20200207. The root cause is insufficient sanitization of the FTP and NTP Server fields in the service configuration, allowing an attacker with access to the configuration interface to upload a malicious XML...
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
CVE-2025-34129 LILIN DVR RCE via Malicious FTP/NTP Configuration
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
LILIN Digital Video Recorder 安全漏洞
LILIN Digital Video Recorder is a video recorder from LILIN Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which originates from an arbitrary file read and could lead to the reading of sensitive configuration files...
PT-2025-29892 · Lilin · Lilin Digital Video Recorder
Name of the Vulnerable Software and Affected Versions: LILIN Digital Video Recorder DVR versions prior to 2.0b60 20200207 Description: An unauthenticated arbitrary file read issue exists in LILIN Digital Video Recorder DVR devices. This allows attackers to read sensitive configuration files, such...
LILIN Digital Video Recorder 安全漏洞
LILIN Digital Video Recorder is a video recorder from LILIN Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which originates from a command injection and may result in the execution of arbitrary commands...