Critical severityNVD Advisory· Published Jul 16, 2025· Updated Apr 15, 2026
CVE-2025-34132
CVE-2025-34132
Description
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2.0b60_20200207
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.