
CVE-2025-34130: CWE-306 Missing Authentication for Critical Function in Merit LILIN DVR Firmware

Severity: High
Tags: Vulnerability, CVE-2025-34130, CWE-306, CWE-200
Published: Wed Jul 16 2025 (07/16/2025, 21:26:42 UTC)
Source: CVE Database V5
Vendor/Project: Merit LILIN
Product: DVR Firmware

Description

CVE-2025-34130 is a high-severity vulnerability in Merit LILIN DVR firmware prior to version 2.0b60_20200207 that allows unauthenticated attackers to perform arbitrary file reads via the /z/zbin/net_html.cgi endpoint. This flaw exposes sensitive configuration files such as /zconf/service.xml, which can be leveraged to conduct further attacks such as command injection. The vulnerability stems from missing authentication controls on critical functions (CWE-306) and results in unauthorized disclosure of information (CWE-200). Exploitation requires no authentication or user interaction and can be performed remotely over the network. Although no official patches or fixes have been linked yet, the vulnerability has been observed being exploited by botnets such as FBot and Moobot, indicating active threat activity. Organizations using vulnerable Merit LILIN DVR devices are at risk of compromise, data leakage, and potential device takeover. Immediate mitigation involves restricting network access to affected devices, monitoring for suspicious activity, and applying firmware updates once available.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/24/2026, 00:26:46 UTC

Technical Analysis

CVE-2025-34130 is a critical security vulnerability identified in Merit LILIN Digital Video Recorder (DVR) firmware versions prior to 2.0b60_20200207. The vulnerability exists due to missing authentication controls on a critical function accessible via the /z/zbin/net_html.cgi endpoint. This endpoint allows unauthenticated remote attackers to arbitrarily read files on the device filesystem, including sensitive configuration files such as /zconf/service.xml. The exposure of these configuration files can reveal credentials, network settings, or other sensitive parameters that facilitate subsequent attacks, including command injection vulnerabilities. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and CWE-200 (Information Exposure). The CVSS v4.0 base score is 8.7, indicating a high severity with network attack vector, no required privileges or user interaction, and high confidentiality impact. Although no official patches have been linked, the vulnerability has been exploited in the wild by botnets like FBot and Moobot, which use it to compromise devices for malicious purposes such as DDoS attacks or spreading malware. The flaw affects all firmware versions prior to 2.0b60_20200207, suggesting a broad impact on deployed devices. The lack of authentication on this critical endpoint represents a significant security design flaw in the affected DVR firmware.

Potential Impact

The impact of CVE-2025-34130 is significant for organizations using Merit LILIN DVR devices, especially those deployed in security-sensitive environments such as surveillance for critical infrastructure, government facilities, and enterprises. Successful exploitation allows attackers to read arbitrary files without authentication, leading to exposure of sensitive configuration data including credentials and network information. This can enable attackers to escalate privileges, perform command injection, and potentially gain full control over the DVR device. Compromised DVRs can be leveraged as entry points into internal networks, undermining overall security posture. Additionally, infected devices may be conscripted into botnets like FBot and Moobot, contributing to large-scale distributed denial-of-service (DDoS) attacks or other malicious campaigns. The vulnerability threatens confidentiality, integrity, and availability of the affected systems and can result in operational disruption, data breaches, and reputational damage.

Mitigation Recommendations

1. Immediately restrict network access to affected Merit LILIN DVR devices by placing them behind firewalls or network segmentation to limit exposure to untrusted networks, especially the internet.
2. Monitor network traffic and device logs for unusual activity indicative of exploitation attempts or botnet communication.
3. Disable or restrict access to the /z/zbin/net_html.cgi endpoint if possible through device configuration or network controls.
4. Coordinate with Merit LILIN support or vendors to obtain and apply firmware updates or patches as soon as they become available.
5. Implement strong network-level authentication and VPN access controls for remote management of DVR devices.
6. Conduct regular security assessments and vulnerability scans on DVR devices to detect outdated firmware or configuration weaknesses.
7. Consider replacing legacy or unsupported devices that cannot be patched or secured adequately.
8. Educate security teams about this vulnerability and incorporate detection signatures into intrusion detection/prevention systems (IDS/IPS).
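As an added example (not part of the advisory, and not Merit LILIN's or the database's code), the following Python detector puts mitigation steps 1, 2 and 8 into practice: it runs over access-log lines from a reverse proxy or the device itself, flags any request to the /z/zbin/net_html.cgi endpoint named above, raises the severity when the source address lies outside an assumed management network (10.10.0.0/24) or the request references the /zconf/service.xml path the advisory says is exposed, and marks a flagged request that the server answered with 200 as a likely successful read. The common-log-format layout, the IP ranges and the query-parameter name in the sample lines are constructed for illustration; the advisory does not give the actual request format.

```python
"""
Added example: detection logic for requests to the unauthenticated Merit LILIN
DVR endpoint described in CVE-2025-34130. Log format, sample lines, management
CIDR and the query-parameter name are constructed assumptions, not vendor data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Endpoint named in the advisory; every request to it is worth recording.
VULNERABLE_ENDPOINT = "/z/zbin/net_html.cgi"

# Configuration path the advisory says the endpoint exposes. Assumption: if the
# request line names it anywhere, treat the request as a targeted read attempt.
SENSITIVE_MARKERS = ("/zconf/service.xml", "/zconf/")

# Assumed management network (mitigation step 1: only these hosts should reach
# the DVR's web interface at all).
MANAGEMENT_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Common-log-format style line: src ident user [ts] "METHOD target proto" status size
LOG_LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass
class Alert:
    src: str
    ts: str
    target: str
    status: int
    severity: str
    reason: str


def _from_management_network(src: str) -> bool:
    """True if src parses as an IP inside one of the allowed management ranges."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MANAGEMENT_NETWORKS)


def analyze_line(line: str) -> Optional[Alert]:
    """Return an Alert for a request to the vulnerable endpoint, else None."""
    m = LOG_LINE_RE.match(line)
    if not m:
        return None
    target = m["target"]
    path = target.split("?", 1)[0]
    if path != VULNERABLE_ENDPOINT:
        return None

    src, status = m["src"], int(m["status"])
    reasons = ["request to unauthenticated net_html.cgi endpoint"]
    severity = "medium"  # even a management-host request deserves review

    if not _from_management_network(src):
        severity = "high"
        reasons.append("source outside management network")
    if any(marker in target for marker in SENSITIVE_MARKERS):
        severity = "high"
        reasons.append("request references /zconf configuration path")
    if severity == "high" and status == 200:
        # The device answered a suspicious request; assume the read succeeded.
        severity = "critical"
        reasons.append("server returned 200 (likely successful read)")

    return Alert(src, m["ts"], target, status, severity, "; ".join(reasons))


def analyze_log(lines: Iterable[str]) -> List[Alert]:
    """Run analyze_line over every line and keep only the alerts."""
    return [a for a in (analyze_line(line) for line in lines) if a is not None]


# Constructed sample log (RFC 5737 documentation addresses for the outside hosts;
# the '?cfg=' parameter name is a placeholder, not the real request syntax).
SAMPLE_LOG = [
    '10.10.0.5 - - [16/Jul/2025:21:30:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.10.0.5 - - [16/Jul/2025:21:30:07 +0000] "GET /z/zbin/net_html.cgi HTTP/1.1" 200 1024',
    '203.0.113.44 - - [16/Jul/2025:21:31:15 +0000] "GET /z/zbin/net_html.cgi HTTP/1.1" 403 0',
    '198.51.100.7 - - [16/Jul/2025:21:31:42 +0000] "GET /z/zbin/net_html.cgi?cfg=/zconf/service.xml HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(f"[{alert.severity.upper()}] {alert.ts} {alert.src} -> {alert.target} ({alert.status}): {alert.reason}")
```

Feed the detector real access logs line by line (or adapt `LOG_LINE_RE` to the proxy's format) and forward anything rated high or critical to the SIEM; the medium tier keeps management-network hits visible so that a compromised admin host is not silently excluded from review.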


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.562Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68781a21a83201eaacded28b

Added to database: 7/16/2025, 9:31:13 PM

Last enriched: 3/24/2026, 12:26:46 AM

Last updated: 3/24/2026, 10:49:48 PM
