Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000008

[Content Description]
【LILIN | Surveillance Camera - OS Command Injection】(CVE-2026-0855, CVSS: 88) Some surveillance camera models developed by LILIN contain an OS Command Injection vulnerability. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device.

[Affected Platforms]
Surveillance cameras P2/P3/Z7/P6/V1/IPD/IPR/LD/LR series models

[Recommended Actions]
Support for IPD/IPR/LD/LR models has been discontinued; replacement is recommended. For other affected models, please refer to the official announcement (M00176) for firmware updates.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html
2. https://www.meritlilin.com/security/indexch.html#Anchor