【Vulnerability Alert】Lilin | Surveillance Camera – OS Command Injection (CVE-2026-0855)

publish date : 2026-01-23 update date : 2026-01-23

Source: Ministry of education information & communication security contingency platform

"" "" "" 

Publication Number TACERT-ANA-2026011302010000 Publication Time 2026/01/13 14:44
Incident Type ANA-Vulnerability Alert Discovery Time
Impact Level Low  
[Subject]
【Vulnerability Alert】Lilin | Surveillance Camera – OS Command Injection (CVE-2026-0855)
[Content]
Forwarded from TWCERTCC-200-202601-00000008

【Lilin | Surveillance Camera – OS Command Injection】 (CVE-2026-0855, CVSS: 88) An OS Command Injection vulnerability exists in certain surveillance camera models developed by Lilin. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Surveillance camera models in the P2 / P3 / Z7 / P6 / V1 / IPD / IPR / LD / LR series
[Recommended Actions]
The IPD / IPR / LD / LR models are no longer supported. Replacement is recommended. For the remaining affected models, please refer to the official advisory (M00176) to update the firmware to the appropriate version.

[Reference]
1. https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html

2. https://www.meritlilin.com/security/indexch.html#Anchor
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center