Vulnerability identifier: #VU26287
Vulnerability risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
DHD516A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD508A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD504A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD316A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD308A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD304A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD204
Hardware solutions /
Office equipment, IP-phones, print servers
DHD204A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD208
Hardware solutions /
Office equipment, IP-phones, print servers
DHD208A
Hardware solutions /
Office equipment, IP-phones, print servers
DHD216
Hardware solutions /
Office equipment, IP-phones, print servers
DHD216A
Hardware solutions /
Office equipment, IP-phones, print servers
Vendor: Merit LILIN Ent. Co., Ltd.
Description
The vulnerability allows a remote authenticated user to read arbitrary files on the system.
The vulnerability exists due to absent filtration of user-supplied data passed to /z/zbin/net_html.cgi
URL. A remote authenticated user can view contents of arbitrary files on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
DHD516A: 2.0b1_20180828
DHD508A: 2.0b1_20180828
DHD504A: 2.0b1_20190417 - 2.0b1_20191202
DHD316A: 2.0b1_20171128 - 2.0b1_20180828
DHD308A: 2.0b1_20180828
DHD304A: 2.0b1_20180828
DHD204: 1.06_20151201
DHD204A: 2.0b60_20160223 - 2.0b60_20161123
DHD208: 2.0b60_20160504
DHD208A: 2.0b60_20160223 - 2.0b60_20161123
DHD216: 2.0b60_20151111
DHD216A: 2.0b60_20160223 - 2.0b60_20161123
External links
http://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/
http://www.meritlilin.com/tw/support/file/type/Firmware
http://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.