CVE-2026-0855 is an OS Command Injection vulnerability identified in certain Merit LILIN P2 IP camera models. The root cause is improper neutralization of special characters in OS commands (CWE-78), which allows an authenticated remote attacker to inject arbitrary commands that the device executes at the operating system level. The vulnerability requires the attacker to have valid credentials (low privilege required), but no user interaction beyond authentication is necessary. The attack vector is network-based, meaning the attacker can exploit this remotely over the network without physical access. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) indicates a high severity with no attack complexity and no user interaction, but requiring low privileges. The impact covers confidentiality, integrity, and availability, as arbitrary commands can lead to data leakage, device manipulation, or denial of service. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and thus may be targeted soon. This vulnerability is particularly critical for IP cameras used in surveillance and security contexts, as compromise could lead to unauthorized surveillance, network pivoting, or disruption of security monitoring. The lack of available patches necessitates interim mitigations to reduce exposure.

For European organizations, the exploitation of this vulnerability could lead to severe consequences. Compromise of IP cameras can result in unauthorized access to video feeds, violating privacy regulations such as GDPR. Attackers could use the compromised devices as footholds to move laterally within corporate or critical infrastructure networks, potentially disrupting operations or stealing sensitive data. The integrity of surveillance systems could be undermined, leading to blind spots or manipulated footage. Availability impacts could include denial of service on security devices, reducing situational awareness. Sectors such as government, transportation, energy, and manufacturing that rely heavily on IP-based surveillance are at heightened risk. The potential for espionage, sabotage, or ransomware attacks leveraging this vulnerability is significant. Additionally, the presence of this vulnerability in widely deployed devices could facilitate large-scale botnets or coordinated attacks if exploited en masse.

1. Immediately enforce strong authentication policies on all Merit LILIN P2 devices, including complex passwords and, if supported, multi-factor authentication. 2. Isolate IP cameras on dedicated VLANs or network segments with strict firewall rules to limit access only to authorized management stations. 3. Monitor network traffic for unusual command execution patterns or unexpected outbound connections from IP cameras. 4. Disable any unnecessary services or remote management interfaces on the affected devices to reduce attack surface. 5. Regularly audit device firmware versions and vendor advisories; apply security patches promptly once available. 6. Employ network intrusion detection systems (NIDS) with signatures or heuristics tuned to detect OS command injection attempts. 7. Consider replacing vulnerable devices with models from vendors with a stronger security track record if patches are delayed. 8. Conduct penetration testing and security assessments focused on IP camera infrastructure to identify and remediate weaknesses proactively.