LILIN CCTV Camera Zero-Day Vulnerabilities Under Active Exploit

Written by Connor

March 28, 2020

A number of vulnerabilities in LILIN CCTV cameras have attracted the interest of hackers. The bugs are under active exploitation and call for patching.

Attempts by hackers to exploit the vulnerabilities have been discovered by researchers in Threat Detection Procedure.

As explained in their blog article, hackers are actively exploiting the vulnerabilities to spread the Chalubo, FBot, and Moobot botnets. With respect to the vulnerabilities, the investigators state:

“The LILIN 0-day vulnerability consists of 3 components: hard-coded login credentials, /z/zbin/dvr_box control injection vulnerabilities and /z/zbin/net_html.cgi random file scanning vulnerabilities, /z/zbin/dvr_box offers Web solutions, and its own interface /dvr/cmd and /cn/cmd possess a control injection vulnerability. The injected parameters are NTPUpdate, FTP, and NTP.”

The researchers found exploitation of these vulnerabilities, which were then zero-days, in August 2019. They discovered attackers exploiting the bugs to spread Chalubo. They then detected cybercriminals targeting systems with Moobot and FBot by exploiting the same flaws.

After repeated notifications to the vendor, LILIN finally fixed the defects with the release of firmware 2.0b60_20200207. The vendor has rated these vulnerabilities as critical, with a CVSS score of 10.0. According to its own advisory, the discovered vulnerabilities include:
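A defender with web server or proxy logs in front of a LILIN DVR can look for requests to the endpoints named in the quote above. The following is an added example, not code from the researchers or from LILIN; the combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoints named in the researchers' description quoted above.
WATCHED = {"/dvr/cmd", "/cn/cmd", "/z/zbin/net_html.cgi"}

# Assumption: logs are in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Reduce a request target to a canonical path for matching."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # decode twice to catch double percent-encoding
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path)  # collapse repeated slashes
    # Lower-casing over-matches on purpose: a false positive is cheap here.
    return posixpath.normpath(path).lower()

def find_probes(lines):
    """Map source address -> list of (timestamp, method, path, status)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        path = normalize_path(m["target"])
        if path in WATCHED:
            hits[m["src"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

def triage(hits):
    """Sources that received a 2xx from a watched endpoint come first."""
    rows = [(s, len(ev), any(200 <= e[3] < 300 for e in ev)) for s, ev in hits.items()]
    return sorted(rows, key=lambda r: (not r[2], -r[1], r[0]))

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Mar/2020:10:01:02 +0000] "POST /dvr/cmd HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [28/Mar/2020:10:01:05 +0000] "GET /z/zbin/../zbin/net_html.cgi?x=1 HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.23 - - [28/Mar/2020:10:02:11 +0000] "POST //CN/%63md HTTP/1.1" 401 0 "-" "-"',
    '192.0.2.10 - - [28/Mar/2020:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for src, count, got_2xx in triage(find_probes(SAMPLE_LOG)):
        print(f"{src}: {count} request(s) to LILIN endpoints, 2xx seen: {got_2xx}")
```

Any hit from an address outside the management network is worth a look, and a 2xx response means the device answered the request rather than rejecting it.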

  • DDoS attacks on other Internet devices.
  • Telnet gets started from the HTML CGI command.
  • PPPoE has shifted to DHCP.
  • Fixed hostname shooter difficulty for accessing NTP, FTP, DDNS, and MAIL servers.

The affected products include DHD508A, DHD516A, DHD316A, DHD308A, DHD304A, DHD204A, DHD208A, and DHD216A.

Users of affected devices need to make sure they upgrade to the 2.0b1_20200122 firmware version to remain protected from any attacks.

If the upgrade is not available to a user, the vendor advises disconnecting the exposed DVR from the internet.
