CVE-2025-34130

LILIN DVR Arbitrary File Read via net_html.cgi

Basic Information

CVE State
PUBLISHED
Reserved Date
April 15, 2025
Published Date
July 16, 2025
Last Updated
July 17, 2025
Vendor
Merit LILIN
Product
DVR Firmware
Description
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.
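The description gives two concrete indicators a defender can act on: the vulnerable endpoint /z/zbin/net_html.cgi, the configuration file /zconf/service.xml that attackers pull from it, and the first fixed firmware version 2.0b60_20200207. The following is an added example written for this page, not code from the CVE record or from Merit LILIN: it scans web-server access logs for requests to the endpoint that name service.xml or carry a traversal sequence, and it checks a firmware version string against the fix version. The record does not say which query parameter net_html.cgi takes, so the `file=` parameter in the constructed sample log lines and the `<major>.<minor>b<build>_<YYYYMMDD>` reading of the version string are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Endpoint and sensitive file named in the CVE description.
VULN_ENDPOINT = "/z/zbin/net_html.cgi"
SENSITIVE_FILES = ("/zconf/service.xml",)

# First fixed firmware version per the advisory. The version layout
# "<major>.<minor>b<build>_<YYYYMMDD>" is an ASSUMPTION based on that one
# string; the vendor does not document it on this page.
FIXED_VERSION = "2.0b60_20200207"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)b(\d+)_(\d{8})$")

# Apache/nginx combined log format (constructed sample lines below use it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_version(v: str) -> tuple:
    m = VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unrecognised firmware version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the firmware is older than the fix version named in the advisory."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass
class Hit:
    ip: str
    ts: str
    target: str
    status: str
    reason: str


def classify_request(target: str) -> Optional[str]:
    """Return why a request target looks like abuse of net_html.cgi, or None."""
    # Decode twice so single- and double-URL-encoded traversal is caught.
    # (A literal '%25' would be over-decoded; acceptable for a log heuristic.)
    decoded = unquote(unquote(target))
    path, _, query = decoded.partition("?")
    if path != VULN_ENDPOINT:
        return None
    lowered = query.lower()
    for f in SENSITIVE_FILES:
        if f in lowered:
            return f"references {f}"
    if "../" in lowered or "..\\" in lowered:
        return "path traversal sequence in query"
    return None


def scan(log_text: str) -> list:
    """Parse combined-format log lines and return suspicious net_html.cgi requests."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        reason = classify_request(m["target"])
        if reason:
            hits.append(Hit(m["ip"], m["ts"], m["target"], m["status"], reason))
    return hits


# CONSTRUCTED sample log lines (not real traffic); the 'file=' parameter is an
# assumption, the record does not document the CGI's parameter name.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jul/2025:22:40:01 +0000] "GET /z/zbin/net_html.cgi?file=/zconf/service.xml HTTP/1.1" 200 1843
203.0.113.7 - - [16/Jul/2025:22:40:02 +0000] "GET /z/zbin/net_html.cgi?file=..%2F..%2Fzconf%2Fservice.xml HTTP/1.1" 200 1843
198.51.100.9 - - [16/Jul/2025:22:41:10 +0000] "GET /z/zbin/net_html.cgi?page=status HTTP/1.1" 200 512
198.51.100.9 - - [16/Jul/2025:22:41:11 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ts} {h.ip} {h.status} {h.target}  <- {h.reason}")
    for v in ("2.0b59_20191101", FIXED_VERSION):
        print(v, "affected" if is_affected(v) else "fixed")
```

Run against the constructed sample, the first two lines are flagged (the second only after URL-decoding) and the benign request to the same CGI is not. Because the real parameter name is unknown, the detector keys on the endpoint path plus the target file name or a traversal marker rather than on any specific parameter; tune `SENSITIVE_FILES` once you know which other files under /zconf attackers fetch on your devices. A 200 response with a non-trivial size on a flagged request is the signal to treat the device as compromised, since the description notes this read is chained into command injection by FBot and Moobot.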

CVSS Scores

CVSS v4.0

8.7 - HIGH

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

Score
0.94% (Percentile: 75.19%) as of 2025-07-29

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-07-16 22:40:34 UTC)

Known Exploited Vulnerability Information

Source
CVE
Added Date
2025-07-16 22:40:27 UTC

Timeline

  • CVE ID Reserved: April 15, 2025

  • CVE Published to Public: July 16, 2025

  • Added to KEVIntel: July 16, 2025