Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LILIN DVR RCE via Malicious FTP/NTP Configuration
Vulnerability Description
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
LILIN Digital Video Recorder 安全漏洞
Vulnerability Description
LILIN Digital Video Recorder是中国台湾利凌(LILIN)公司的一款录像机。 LILIN Digital Video Recorder 2.0b60_20200207之前版本存在安全漏洞,该漏洞源于命令注入,可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A