Primary

Context

Merit LILIN DVR/NVR OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in certain DVR/NVR models developed by Merit LILIN. This vulnerability allows authenticated remote attackers to inject arbitrary operating system commands and execute them on the device. Affected models include the DH032, DVR708, DVR716, DVR804, DVR808, DVR816, NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L, NVR3216, NVR3416, NVR3416r, NVR3816, NVR5832, NVR5832S, NVR5104E, NVR5208E, and NVR5416E, each with specific firmware version limitations.

Impact

Exploitation of this vulnerability allows for OS command injection, where an attacker can execute arbitrary commands on the device's operating system.

Remediation

Users are advised to update the firmware to a version that addresses this vulnerability. Please refer to the official advisory M00175 for guidance on the update process.

Added: Jan 12, 2026, 6:19 AM

Updated: Jan 12, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Merit LILIN DVR/NVR OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating