EIP-2026-100852

PRE-CVE

Merit Lilin IP Cameras - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100852. PoCs published by Orwelllabs.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Merit Lilin IP Cameras, including CSRF, XSS, hard-coded credentials, and cleartext transmission of sensitive data. It provides technical details and PoC code for CSRF and XSS attacks.

Description

Merit Lilin IP Cameras - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Orwelllabs · textwebappscgi

https://www.exploit-db.com/exploits/39746

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Merit Lilin IP Cameras, including CSRF, XSS, hard-coded credentials, and cleartext transmission of sensitive data. It provides technical details and PoC code for CSRF and XSS attacks.

Classification

Writeup 95%

Attack Type

Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Merit Lilin IP Cameras with firmware 1.4.36/1.2.02, OS Version: Linux 2.6.38/Linux 2.6.32

No auth needed

Prerequisites: Network access to the vulnerable IP camera

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026