CVE-2025-34129 HIGH

CVE-2025-34129: LILIN DVR RCE via Malicious FTP/NTP Configuration

Vendor Merit Lilin

Product DVR Firmware

Weakness CWE-78

Published July 16, 2025

Last update May 15, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Key dates

02Disclosure timeline

July 16, 2025 CVE published

May 15, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-34129

Related vulnerabilities

CVE-2025-34129: LILIN DVR RCE via Malicious FTP/NTP Configuration

01Description

02Disclosure timeline

03References

04Related CVE