CVE-2025-34132— LILIN DVR Command Injection via NTPUpdate in dvr_box

EPSS 0.69% · P72 Updated Mar 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-34132

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

LILIN DVR Command Injection via NTPUpdate in dvr_box

Source: NVD (National Vulnerability Database)

Vulnerability Description

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

LILIN Digital Video Recorder 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

LILIN Digital Video Recorder是中国台湾利凌（LILIN）公司的一款录像机。 LILIN Digital Video Recorder 2.0b60_20200207之前版本存在安全漏洞，该漏洞源于命令注入，可能导致执行任意命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Merit LILIN	DVR Firmware	* ~ 2.0b60_20200207	-

II. Public POCs for CVE-2025-34132

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-34132

请登录查看更多情报信息。

Same Patch Batch · Merit LILIN · 2025-07-16 · 3 CVEs total

CVE-2025-34130		LILIN DVR Arbitrary File Read via net_html.cgi
CVE-2025-34129		LILIN DVR RCE via Malicious FTP/NTP Configuration

IV. Related Vulnerabilities

Same product: DVR Firmware

Same vendor: Merit LILIN

Same weakness: CWE-78

V. Comments for CVE-2025-34132

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-34132— LILIN DVR Command Injection via NTPUpdate in dvr_box

I. Basic Information for CVE-2025-34132

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-34132

III. Intelligence Information for CVE-2025-34132

Same Patch Batch · Merit LILIN · 2025-07-16 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-34132

Leave a comment