CVE-2026-0855

Summary

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Affected Software

VendorProductVersion RangeStatus
Merit LILINP20affected
Merit LILINP30affected
Merit LILINZ70affected
Merit LILINP60affected
Merit LILINV10affected
Merit LILINIPD0affected
Merit LILINIPR0affected
Merit LILINLD0affected
Merit LILINLR0affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References