[Security Vulnerability Alert] LILIN | Monitoring Host - OS Command Injection (CVE-2026-0854)

 
2026/1/14 ~ 2026/7/14
View Count:34

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000007

[Content Description]
【LILIN | Monitoring Host - OS Command Injection】(CVE-2026-0854, CVSS: 8.8) Some monitoring host models developed by LILIN contain an OS Command Injection vulnerability. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device.

[Affected Platforms]
DH032: Versions prior to v1.0.28.3858 (inclusive)
DVR708, DVR716: Versions prior to v1.3.4 (inclusive)
DVR804, DVR808, DVR816: Versions prior to v1.3.4 (inclusive)
NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L: Versions prior to v1.1.66 (inclusive)
NVR3216, NVR3416, NVR3416r, NVR3816: Versions prior to v2.0.74.3921 (inclusive)
NVR5832, NVR5832S: Versions prior to v4.0.24.4043 (inclusive)
NVR5104E, NVR5208E, NVR5416E: Versions prior to v4.0.24.4078

[Recommended Action]
Please refer to the official announcement (M00175) for firmware updates.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10624-6599c-1.html
2. https://www.meritlilin.com/security/indexch.html#Anchor

Files
system_update_alt參考資料1
system_update_alt參考資料2
【Back】
Top↑