
CVE-2025-34130: CWE-306 Missing Authentication for Critical Function in Merit LILIN DVR Firmware

Severity: High
Tags: Vulnerability, CVE-2025-34130, CWE-306, CWE-200
Published: Wed Jul 16 2025 (07/16/2025, 21:26:42 UTC)
Source: CVE Database V5
Vendor/Project: Merit LILIN
Product: DVR Firmware

Description

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/05/2026, 14:01:37 UTC

Technical Analysis

CVE-2025-34130 is a high-severity vulnerability in Merit LILIN Digital Video Recorder (DVR) firmware versions prior to 2.0b60_20200207. It is caused by missing authentication (CWE-306) on the /z/zbin/net_html.cgi endpoint, which lets unauthenticated remote attackers read arbitrary files on the device. In particular, attackers can retrieve sensitive configuration files such as /zconf/service.xml, which hold system and service settings. This file-read capability can be chained with other weaknesses to mount more severe attacks, including command injection, potentially leading to full device compromise.

The vulnerability is remotely exploitable with no privileges and no user interaction, which raises its risk profile. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation and the high impact on confidentiality. Although no official patches are currently linked, the vulnerability has been actively exploited in the wild by botnets such as FBot and Moobot, which use it to expand their foothold and carry out further malicious activity. Because every firmware version before the fixed release is affected, the attack surface across deployed LILIN DVR devices worldwide is broad.

Potential Impact

The impact of CVE-2025-34130 is significant for organizations deploying Merit LILIN DVR devices, especially those used in critical infrastructure, surveillance, and security monitoring. Successful exploitation leads to unauthorized disclosure of sensitive configuration data, which can reveal network settings, credentials, and system configurations. This information leakage facilitates subsequent attacks such as command injection, enabling attackers to execute arbitrary commands, potentially taking full control of the DVR device. Compromised DVRs can be used as entry points into internal networks, undermining overall organizational security. Additionally, attackers can incorporate these devices into botnets (as observed with FBot and Moobot), amplifying distributed denial-of-service (DDoS) attacks or other malicious campaigns. The vulnerability's remote, unauthenticated nature and lack of user interaction requirements make it highly exploitable, increasing the risk of widespread compromise and operational disruption.

Mitigation Recommendations

1. Network Segmentation: Isolate LILIN DVR devices on dedicated network segments with strict access controls to limit exposure to untrusted networks.
2. Access Control: Restrict access to the /z/zbin/net_html.cgi endpoint using firewall rules or network ACLs to trusted management hosts only.
3. Monitoring and Detection: Deploy network intrusion detection systems (NIDS) and endpoint monitoring to detect unusual access patterns or exploitation attempts targeting the vulnerable endpoint.
4. Firmware Updates: Monitor Merit LILIN advisories closely and apply firmware updates promptly once a patch for this vulnerability is released.
5. Credential Management: Change default and known credentials on all DVR devices to strong, unique passwords to reduce risk if configuration files are accessed.
6. Incident Response: Prepare to isolate and remediate compromised devices quickly, including reimaging or replacing affected DVRs if exploitation is detected.
7. Vendor Engagement: Engage with Merit LILIN support to obtain timelines for official patches and request interim mitigation guidance.
8. Disable Unused Services: Where possible, disable unnecessary services or endpoints on the DVR devices to reduce the attack surface.
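One way to implement the detection in recommendations 2 and 3, as an added example that is not from the advisory or the vendor: it parses constructed combined-format access log lines from a proxy or sensor in front of the DVR, flags every request to /z/zbin/net_html.cgi, and raises severity when the source is outside an assumed management subnet (10.0.5.0/24) or the request references the /zconf/ path. The "p=" query parameter in the sample is a placeholder, since the advisory does not state how the file path is passed to the endpoint.

```python
import re
from ipaddress import ip_address, ip_network
ENDPOINT = "/z/zbin/net_html.cgi"          # endpoint named in the advisory
MGMT_NETS = [ip_network("10.0.5.0/24")]   # assumed management subnet
# Combined-format access log: source, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Constructed sample lines; "p=" is a placeholder, the advisory does not
# state how the requested file path is passed to the endpoint.
SAMPLE_LOG = """\
10.0.5.20 - - [16/Jul/2025:21:30:01 +0000] "GET /z/zbin/net_html.cgi?p=/zconf/service.xml HTTP/1.1" 200 4120
198.51.100.77 - - [16/Jul/2025:21:30:05 +0000] "GET /z/zbin/net_html.cgi HTTP/1.1" 200 812
10.0.5.20 - - [16/Jul/2025:21:31:10 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [16/Jul/2025:21:32:44 +0000] "GET /z/zbin/net_html.cgi HTTP/1.1" 403 0
10.0.5.21 - - [16/Jul/2025:21:33:02 +0000] "GET /z/zbin/net_html.cgi HTTP/1.1" 200 812
this line is not an access log entry
"""
def parse_line(line):
    # Return the parsed fields, or None for lines that are not access log entries.
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def is_trusted(src):
    # True only when the source address is inside an allow-listed management subnet.
    try:
        return any(ip_address(src) in net for net in MGMT_NETS)
    except ValueError:
        return False

def classify(rec):
    # Build an alert for any request to the vulnerable endpoint; None otherwise.
    if rec["target"].split("?", 1)[0] != ENDPOINT:
        return None
    reasons = ["request to unauthenticated endpoint " + ENDPOINT]
    if not is_trusted(rec["src"]):
        reasons.append("source outside management allow-list")
    if "/zconf/" in rec["target"].lower():
        reasons.append("request references the /zconf/ configuration path")
    return {"src": rec["src"], "ts": rec["ts"], "reasons": reasons,
            "severity": "high" if len(reasons) > 1 else "info",
            "succeeded": rec["status"] < 400}   # device answered the request

def scan_log(text):
    # Parse and classify every line; unparseable lines are skipped.
    alerts = (classify(r) for r in map(parse_line, text.splitlines()) if r)
    return [a for a in alerts if a]
```

A "high" alert with "succeeded" set to true is the case to act on first: an untrusted host got a 2xx/3xx answer from the endpoint, which is exactly the ACL in recommendation 2 failing.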


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.562Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68781a21a83201eaacded28b

Added to database: 7/16/2025, 9:31:13 PM

Last enriched: 3/5/2026, 2:01:37 PM

Last updated: 3/21/2026, 9:45:43 PM
