#VU26287 Path traversal in Merit LILIN Ent. Co., Ltd. Hardware solutions


Published: 2020-03-21

Vulnerability identifier: #VU26287

Vulnerability risk: High

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DHD516A
Hardware solutions / Office equipment, IP-phones, print servers
DHD508A
Hardware solutions / Office equipment, IP-phones, print servers
DHD504A
Hardware solutions / Office equipment, IP-phones, print servers
DHD316A
Hardware solutions / Office equipment, IP-phones, print servers
DHD308A
Hardware solutions / Office equipment, IP-phones, print servers
DHD304A
Hardware solutions / Office equipment, IP-phones, print servers
DHD204
Hardware solutions / Office equipment, IP-phones, print servers
DHD204A
Hardware solutions / Office equipment, IP-phones, print servers
DHD208
Hardware solutions / Office equipment, IP-phones, print servers
DHD208A
Hardware solutions / Office equipment, IP-phones, print servers
DHD216
Hardware solutions / Office equipment, IP-phones, print servers
DHD216A
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: Merit LILIN Ent. Co., Ltd.

Description

The vulnerability allows a remote authenticated user to read arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input passed to the /z/zbin/net_html.cgi endpoint, which lets a request name a file path containing directory traversal sequences (CWE-22). A remote authenticated user can send a specially crafted HTTP request and view the contents of arbitrary files on the system, including files outside the web root.

Note that, although the CGI requires authentication, the hard-coded credentials issue (described in vulnerability #1 of this bulletin) supplies an unauthenticated attacker with valid credentials, so in practice the two flaws chain into an unauthenticated arbitrary file read.
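
As an added example (not vendor code and not the 360 Netlab proof of concept), the Python below shows two things a practitioner needs for a CWE-22 bug of this kind: a scanner that flags requests to /z/zbin/net_html.cgi carrying directory traversal sequences in web-server or proxy logs, including percent-encoded and double-encoded variants, and the canonicalise-then-compare check that a corrected file-serving handler must perform before opening a path. The log lines are constructed, the client addresses are documentation ranges, and the query parameter name "file" is a placeholder rather than the CGI's real parameter; the detector inspects the whole request target so it does not depend on that name.

```python
"""Added example for this advisory (not vendor code, not the 360 Netlab PoC).

  1. is_traversal_attempt() / scan_log(): flag HTTP request targets that
     carry "../" sequences, including percent- and double-percent-encoded
     forms, so web-server or proxy logs can be scanned for attempts against
     /z/zbin/net_html.cgi.
  2. confine_to_directory(): the canonicalise-then-compare check that a
     fixed file-serving handler must perform before opening a path.

ASSUMPTIONS: the log format is Apache/nginx "combined"-style; the lines in
SAMPLE_LOG are constructed; the query parameter name "file" is a placeholder,
not the CGI's real parameter, which is why the detector looks at the whole
request target rather than any particular parameter.
"""
import os
import re
from urllib.parse import unquote

TARGET_ENDPOINT = "/z/zbin/net_html.cgi"

# ".." at a segment boundary, followed by a separator, NUL or end of string,
# evaluated on the fully decoded, backslash-normalised request target.
TRAVERSAL_RE = re.compile(r"(?:^|[/?=&;])\.\.(?:/|\x00|$)")

# Minimal combined-log parser: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (placeholder parameter "file", documentation IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2020:10:01:02 +0000] "GET /z/zbin/net_html.cgi?file=index.html HTTP/1.1" 200 512
203.0.113.9 - - [20/Mar/2020:10:01:07 +0000] "GET /z/zbin/net_html.cgi?file=../../../../etc/passwd HTTP/1.1" 200 1433
203.0.113.9 - - [20/Mar/2020:10:01:09 +0000] "GET /z/zbin/net_html.cgi?file=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 200 790
203.0.113.9 - - [20/Mar/2020:10:01:11 +0000] "GET /z/zbin/net_html.cgi?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1433
198.51.100.2 - - [20/Mar/2020:10:02:30 +0000] "GET /z/zbin/net_html.cgi?file=..%5c..%5cetc%5cpasswd HTTP/1.1" 404 210
198.51.100.7 - - [20/Mar/2020:10:03:00 +0000] "GET /images/logo.png HTTP/1.1" 200 9981
"""


def fully_decode(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that both
    %2e%2e%2f and the double-encoded %252e%252e%252f surface as '../'."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def is_traversal_attempt(target: str) -> bool:
    """True if the request target contains a parent-directory traversal
    sequence after decoding; backslashes are treated as separators too."""
    normalised = fully_decode(target).replace("\\", "/")
    return TRAVERSAL_RE.search(normalised) is not None


def scan_log(text: str, endpoint: str = TARGET_ENDPOINT) -> list:
    """Return (client, status, target) tuples for requests to `endpoint` that
    carry traversal sequences; a 200 status is the strongest sign that the
    requested file was actually served."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if target.split("?", 1)[0] == endpoint and is_traversal_attempt(target):
            hits.append((m.group("client"), int(m.group("status")), target))
    return hits


def confine_to_directory(base_dir: str, user_path: str):
    """The check a fixed handler needs: resolve the requested path against
    base_dir and refuse anything whose canonical form leaves base_dir.
    Returns the canonical path, or None when the request must be rejected."""
    base = os.path.realpath(base_dir)
    # lstrip: an absolute user_path must not make os.path.join discard base.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


if __name__ == "__main__":
    for client, status, target in scan_log(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

Run it directly to print the flagged requests. The detector does not catch absolute-path abuse (a request naming /etc/passwd outright), which can only be judged with knowledge of the CGI's base directory; confine_to_directory handles that case on the server side by stripping leading separators before joining and by comparing the resolved path against the resolved base, which also defeats symlink tricks that a plain string prefix check on the unresolved path would miss.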

Mitigation
Install updates from the vendor's website (see External links). Until the update is applied, do not expose the device's web interface to the Internet; because the flaw is being exploited in the wild, treat devices that were reachable from untrusted networks as potentially compromised.

Vulnerable software versions

DHD516A: 2.0b1_20180828

DHD508A: 2.0b1_20180828

DHD504A: 2.0b1_20190417 - 2.0b1_20191202

DHD316A: 2.0b1_20171128 - 2.0b1_20180828

DHD308A: 2.0b1_20180828

DHD304A: 2.0b1_20180828

DHD204: 1.06_20151201

DHD204A: 2.0b60_20160223 - 2.0b60_20161123

DHD208: 2.0b60_20160504

DHD208A: 2.0b60_20160223 - 2.0b60_20161123

DHD216: 2.0b60_20151111

DHD216A: 2.0b60_20160223 - 2.0b60_20161123


External links
http://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/
http://www.meritlilin.com/tw/support/file/type/Firmware
http://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user over the Internet and, when chained with the hard-coded credentials issue (vulnerability #1), without prior authentication.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild; the 360 Netlab report listed under External links describes multiple botnets spreading through LILIN DVR vulnerabilities.
