【Vulnerability Alert】Lilin | Surveillance Host – OS Command Injection (CVE-2026-0854)

publish date : 2026-01-23 update date : 2026-01-23

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026011302011313	Publication Time	2026/01/13 14:41
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/13 14:41
Impact Level	Low
[Subject] 【Vulnerability Alert】Lilin \| Surveillance Host – OS Command Injection (CVE-2026-0854)
[Content] Forwarded from TWCERTCC-200-202601-00000007 【Lilin \| Surveillance Host – OS Command Injection】 (CVE-2026-0854, CVSS: 8.8) An OS Command Injection vulnerability exists in certain surveillance host models developed by Lilin. An authenticated remote attacker can inject arbitrary operating system commands and execute them on the device. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] DH032: versions v1.0.28.3858 and earlier DVR708, DVR716: versions v1.3.4 and earlier DVR804, DVR808, DVR816: versions v1.3.4 and earlier NVR100L, NVR200L, NVR400L, NVR1400L, NVR2400L: versions v1.1.66 and earlier NVR3216, NVR3416, NVR3416r, NVR3816: versions v2.0.74.3921 and earlier NVR5832, NVR5832S: versions v4.0.24.4043 and earlier NVR5104E, NVR5208E, NVR5416E: versions v4.0.24.4078 and earlier
[Recommended Actions] Please refer to the official advisory (M00175) to update the firmware to the appropriate version.
[Reference] 1. https://www.twcert.org.tw/tw/cp-132-10624-6599c-1.html 2. https://www.meritlilin.com/security/indexch.html#Anchor

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share