CVE-2025-34129
HIGH EXPLOITEDLILIN DVR <2.0b60_20200207 - Command Injection
Title source: llmExploitation Summary
CVE-2025-34129 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.
References (3)
Core 3
Core References
Various Sources third-party-advisory
technical-description
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/
Various Sources vendor-advisory
patch
https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities
Scores
CVSS v4
8.7
EPSS
0.0108
EPSS Percentile
60.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2020-03-20
CWE
CWE-20
CWE-78
Status
published
Products (1)
Merit LILIN/DVR Firmware
< 2.0b60_20200207
Published
Jul 16, 2025
Tracked Since
Feb 18, 2026