CVE-2025-34129 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-34129 PUBLISHED CVSS 8.699999809265137 HIGH

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

EPSS 0.21% · 42.7th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.21%

42.7th percentile

Affected Products

Vendor	Product	Versions
tvt	dvr_firmware	0
Merit LILIN	DVR Firmware	*

Timeline

Mar 20, 2020 VulnCheck KEV Exploitation
Jul 16, 2025 VulnCheck KEV Exploitation
Jul 16, 2025 CVE Published
Jul 16, 2025 PoC Published
Jul 16, 2025 PoC Published
Jul 17, 2025 EPSS Score
Jul 17, 2025 PoC Published
Jul 26, 2025 EPSS Score
Aug 3, 2025 EPSS Score
Aug 12, 2025 EPSS Score
Aug 21, 2025 EPSS Score
Aug 29, 2025 EPSS Score

References

https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/ third-party-advisory
https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf vendor-advisory
https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-34129 advisory
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day url

Open in Interactive Console →