VYPR

DVR

by LILIN

CVEs (3)

  • CVE-2025-34132CriJul 16, 2025
    risk 0.61cvss epss 0.02

    A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to…

  • CVE-2025-34130HigJul 16, 2025
    risk 0.57cvss epss 0.01

    An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml,…

  • CVE-2025-34129HigJul 16, 2025
    risk 0.57cvss epss 0.01

    A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface…