CVE-2025-34130 – LILIN Digital Video Recorder (DVR) Unauthenticated Arbitrary File Read Vulnerability

July 16, 2025

CVE ID : CVE-2025-34130

Published : July 16, 2025, 10:15 p.m. | 4 hours, 47 minutes ago

Description : An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34132 – LILIN DVR Command Injection Vulnerability

Next Article CVE-2025-34129 – LILIN Digital Video Recorder (DVR) Command Injection Vulnerability

Highlights

CVE-2025-5286 – WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability

May 29, 2025

CVE ID : CVE-2025-5286

Published : May 29, 2025, 9:15 a.m. | 15 minutes ago

Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-34130 – LILIN Digital Video Recorder (DVR) Unauthenticated Arbitrary File Read Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

ChatGPT Starts Speaking Like a Demon, Users Say It’s ‘Straight Out of a Horror Movie’

CVE-2025-5570 – WordPress AI Engine Plugin Stored Cross-Site Scripting vulnerabilit

8 Best Free Security WordPress Plugins

How To Create Kinetic Image Animations with React-Three-Fiber

CVE-2025-5286 – WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability

AWS costs estimation using Amazon Q CLI and AWS Cost Analysis MCP

A software-defined radio can derail a US train by slamming the brakes on remotely

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

CVE-2025-34130 – LILIN Digital Video Recorder (DVR) Unauthenticated Arbitrary File Read Vulnerability

Related Posts