6 matches found
EUVD-2025-21741
Malicious code in bioql PyPI...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34132
Summary: CVE-2025-34132 affects LILIN Digital Video Recorder (DVR) devices older than firmware version 2.0b60_20200207. The web service handling NTPUpdate config at /z/zbin/dvr_box does not properly sanitize input in the Server field, allowing a remote attacker to inject and execute arbitrary com...
CVE-2025-34130
CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml , enabling further attacks including command injection. ...