Zero-Day Vulnerabilities In LILIN CCTV Cameras Under Active Exploit – Patch Now!


Multiple vulnerabilities in LILIN CCTV cameras have attracted the attention of hackers. The zero-day bugs are currently under active exploitation, so affected devices need immediate patching.

LILIN CCTV Cameras Zero-Day

Researchers from 360Netlab Threat Detection System have found many hackers attempting to exploit zero-day vulnerabilities in LILIN CCTV cameras.

As described in their blog post, hackers are actively exploiting the vulnerabilities to spread the Chalubo, FBot, and Moobot botnets. Regarding the vulnerabilities, the researchers stated:

"The LILIN 0-day vulnerability is made of 3 parts: hard-coded login credentials, /z/zbin/dvr_box command injection vulnerabilities and /z/zbin/net_html.cgi arbitrary file reading vulnerabilities, /z/zbin/dvr_box provides Web services, and its web interface /dvr/cmd and /cn/cmd have a command injection vulnerability. The injected parameters have been: NTPUpdate, FTP, and NTP."
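A defender's check for the interfaces named in the description above, as an added example that is not from 360Netlab, LILIN or the original article: it scans HTTP access-log lines for requests to /dvr/cmd, /cn/cmd and net_html.cgi and groups them by client. It assumes combined-format logs from a proxy or sensor in front of the DVR; the internal ranges, function names and sample lines are constructed, and matching net_html.cgi by file name is an assumption because the page gives only its on-device path.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

CMD_PATHS = ("/dvr/cmd", "/cn/cmd")   # web interfaces named in the quoted description
FILE_READ_NAME = "net_html.cgi"       # assumption: page gives only the on-device path
# Assumption: address ranges this site treats as internal; adjust per network.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Combined log format: client - - [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return why a request target is of interest, or None."""
    # Origin-form targets are split by hand: urlsplit would read "//dvr/cmd" as a host.
    raw = target.split("?", 1)[0] if target.startswith("/") else urlsplit(target).path
    # Decode percent-escapes, collapse repeated slashes, ignore case and trailing slash.
    path = re.sub(r"/{2,}", "/", unquote(raw)).lower().rstrip("/")
    if path in CMD_PATHS:
        return "dvr_box command interface"
    if path.rsplit("/", 1)[-1] == FILE_READ_NAME:
        return "net_html.cgi file-read interface"
    return None

def scan(lines):
    """Group matching requests by client address; count lines that cannot be parsed."""
    hits, skipped = defaultdict(list), 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            addr = ip_address(m.group(1))
        except (AttributeError, ValueError):  # line did not match, or client is not an IP
            skipped += 1
            continue
        reason = classify(m.group(4))
        if reason:
            hits[str(addr)].append({"time": m.group(2), "method": m.group(3),
                "reason": reason, "status": int(m.group(5)),
                "external": not any(addr in net for net in INTERNAL)})
    return dict(hits), skipped

# Constructed sample lines using documentation-range addresses, not captured traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Feb/2020:03:14:07 +0000] "POST /dvr/cmd HTTP/1.1" 200 312',
    '203.0.113.7 - - [10/Feb/2020:03:14:09 +0000] "POST /cn%2Fcmd HTTP/1.1" 200 312',
    '198.51.100.20 - - [10/Feb/2020:04:00:00 +0000] "GET //z/zbin/net_html.cgi HTTP/1.1" 404 0',
    '192.168.1.50 - - [10/Feb/2020:09:30:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    'truncated line without a request',
]
print(scan(SAMPLE))
```

Any hit marked `external` means the DVR's web interface is reachable from outside the listed internal ranges, which is the exposure the vendor's disconnect advice addresses.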

Patch Rolled Out

The researchers first found the active exploitation of these zero-day vulnerabilities in August 2019. At that time, they found the attackers exploiting the bugs when spreading Chalubo. Then, beginning this year, they also noticed the cybercriminals targeting systems with FBot and Moobot by exploiting the flaws.

After continuous prompts sent to the vendor, LILIN eventually patched the flaws with the release of firmware 2.0b60_20200207. The vendor has marked these vulnerabilities as critical, with a CVSS score of 10.0. As stated in its advisory, the detected vulnerabilities include:

- DDoS attacks to other Internet devices.
- Telnet gets opened by HTML CGI command.
- PPPoE gets changed to DHCP.
- Fixed host name injection issue for accessing NTP, FTP, DDNS, and MAIL servers.

The affected products include DHD516A, DHD508A, DHD504A, DHD316A, DHD308A, DHD304A, DHD204, DHD204A, DHD208, DHD208A, DHD216, DHD216A.

Users of all affected devices must ensure they update to the respective 2.0b1_20200122 firmware to stay protected from any attacks.

If the update is not available to a user, the vendor advises disconnecting the vulnerable DVR from the internet.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]