CVE-2025-34132 – LILIN DVR Command Injection Vulnerability

CVE ID : CVE-2025-34132

Published : July 16, 2025, 10:15 p.m. | 21 minutes ago

Description : A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface. 777

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…