轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202601-00000008

[內容說明]
【利凌｜監控攝影機 - OS Command Injection】(CVE-2026-0855，CVSS：88) 利凌開發之部分監控攝影機型號存在OS Command Injection漏洞，已通過身分鑑別之遠端攻擊者可注入任意作業系統指令並於設備上執行。

[影響平台]
監控攝影機P2/ P3/ Z7/ P6/ V1/ IPD/ IPR/ LD/ LR系列型號

[建議措施]
IPD/IPR/LD/LR機種已停止支援，建議進行更換，其餘受影響機種請參考官方公告(M00176)進行韌體版本更新

[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html
2. https://www.meritlilin.com/security/indexch.html#Anchor

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000008

[Content Description]
【LILIN | Surveillance Camera - OS Command Injection】(CVE-2026-0855, CVSS: 88) Some surveillance camera models developed by LILIN contain an OS Command Injection vulnerability. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device.

[Affected Platforms]
Surveillance cameras P2/P3/Z7/P6/V1/IPD/IPR/LD/LR series models

[Recommended Actions]
Support for IPD/IPR/LD/LR models has been discontinued; replacement is recommended. For other affected models, please refer to the official announcement (M00176) for firmware updates.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html
2. https://www.meritlilin.com/security/indexch.html#Anchor