“Starting from August 30, 2019, 360Netlab Threat Detection System has flagged multiple attack groups using LILIN DVR 0-day vulnerabilities to spread Chalubo
The LILIN zero-day vulnerability is the chain of parts issues:
The zero-day flaw could allow attackers to modify a DVR’s configuration file and inject backdoor commands when the FTP or NTP server configurations are synchronized. Below the attack chain
According to Netlab, NTP time synchronization (NTPUpdate) process doesn’t check for special characters in the server passed as input, allowing attackers to inject and run commands.
The new firmware released by the vendors validated the hostname passed as input to prevent command execution.
“LILIN users should check and update their device firmwares in a timely fashion, and strong login credentials for the device should be enforced.” Netlab concludes.
“The relevant malicious IPs, URLs and domains should be blocked and investigated on
Netlab researchers also included the Indicators of Compromise (IoCs) in their report.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.