High severityNVD Advisory· Published Jul 16, 2025· Updated Apr 15, 2026

CVE-2025-34129

Description

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/nvd
www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdfnvd
www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilitiesnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000