CVE-2022-47618 CRITICAL

CVE-2022-47618: Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials

Vendor Merit Lilin Ent. Co., Ltd.

Product AH55B04 DVR firmware

Weakness CWE-798 · Hardcoded credentials

Published January 3, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or disrupt service.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-47618 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/798.html

Related vulnerabilities

Identifiers

CVE CVE-2022-47618

CWE CWE-798

CVSS 9.8 / CRITICAL

Affected versions

Vendor Merit Lilin Ent. Co., Ltd.

Product AH55B04 DVR firmware

Affected ≥ unspecified and ≤ SVN#7570

Vendor Merit Lilin Ent. Co., Ltd.

Product AH55B08 DVR firmware

Affected ≥ unspecified and ≤ SVN#7570

CVE-2022-47618: Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials

01Description

02Disclosure timeline

03References

04Related CVE