Threat Encyclopedia

Lilin.Dvr_box.Command.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in Lilin DVR box.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

Affected Products

LILIN DHD516A 2.0b1_20191202-JPEG C4 panels
LILIN DHD516A 2.0b1_20180828-RTSP works
LILIN DHD508A 2.0b1_20180828-RTSP works
LILIN DHD504A 2.0b1_20191202-JPEG C4 panels
LILIN DHD504A 2.0b1_20190417-JPEG C4 panels
LILIN DHD316A 2.0b1_20180828
LILIN DHD316A 2.0b1_20171128 C4 Panels
LILIN DHD308A 2.0b1_20180828
LILIN DHD304A 2.0b1_20180828
LILIN DHD204 IP Camera 1.06_20151201
LILIN DHD204A IP Camera 2.0b60_20160223
LILIN DHD204A IP Camera 2.0b60_20161123
LILIN DHD208 IP Camera 2.0b60_20160504
LILIN DHD208A IP Camera 2.0b60_20160223
LILIN DHD208A IP Camera 2.0b60_20161123
LILIN DHD216 IP Camera 2.0b60 20151111
LILIN DHD216A IP Camera 2.0b60_20160223
LILIN DHD216A IP Camera 2.0b60_20161123

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor
https://www.meritlilin.com/