CVE-2025-34132 LILIN DVR Command Injection via NTPUpdate in dvr_box

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

CVE-2025-34132

Summary: CVE-2025-34132 affects LILIN Digital Video Recorder (DVR) devices older than firmware version 2.0b60_20200207. The web service handling NTPUpdate config at /z/zbin/dvr_box does not properly sanitize input in the Server field, allowing a remote attacker to inject and execute arbitrary com...

CVE-2025-34132 LILIN DVR Command Injection via NTPUpdate in dvr_box

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

LILIN Digital Video Recorder 安全漏洞

LILIN Digital Video Recorder is a video recorder from LILIN Corporation of Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which stems from a failure of the web service in /z/zbin/dvrbox to properly clean up the inputs to the Server...

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders DVRs for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo...