Path traversal in Merit LILIN Ent. Co., Ltd. products - #VU26287

Vulnerability identifier: #VU26287

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: N/A

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Merit LILIN Ent. Co., Ltd.

Affected software:
DHD516A
DHD508A
DHD504A
DHD316A
DHD308A
DHD304A
DHD204
DHD204A
DHD208
DHD208A
DHD216
DHD216A

The vulnerability allows a remote authenticated user to read arbitrary files on the system.

The vulnerability exists due to absent filtration of user-supplied data passed to /z/zbin/net_html.cgi URL. A remote authenticated user can view contents of arbitrary files on the system.

Note, this vulnerability can be exploited by non-authenticated attacker using hard-coded credentials issue (described in vulnerability #1).

Install updates from vendor's website.

• https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/
• http://www.meritlilin.com/tw/support/file/type/Firmware
• https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf