Key Information about the Vulnerability TVN ID: TVN-202601004 CVE ID: CVE-2026-0855 CVSS: 8.8 (High) - CVSS Vector: Affected Products: - IP Camera models: P2, P3, Z7, P6, V1, IPD, IPR, LD, LR series Description: - Certain IP Camera models by Merit LILIN have an OS Command Injection vulnerability. Authenticated remote attackers can inject and execute arbitrary OS commands on the device. Solution: - The IPD/IPR/LD/LR models are no longer supported, and replacement is recommended. For other affected models, refer to the official advisory (M00176) to update the firmware. Credit: - Li-Fan Cheng, Chih-Che Chang, Yu-Chieh Kuo, Shi-Yi Xie, Yuan-Chieh Chang, An-Wei Kung (NICS) Public Date: 2026-01-12 Links 1. CVE-2026-0855 2. Vendor Advisory