Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.Referenceshttps://www.twcert.org.tw/tw/cp-132-10624-6599c-1.htmlhttps://www.twcert.org.tw/en/cp-139-10623-4f523-2.html
