Exploitation of the vulnerability was uncovered by 360Netlab in August 2019. Several attack groups were using vulnerabilities in Lilin DVR firmware to spread the Chalubo, FBot, and Moobot botnets.
Chalubo, FBot, Moobot
Vulnerable component: DHD216A
CVSSv3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-798 - Use of Hard-coded Credentials
The vulnerability allows a remote attacker to gain full access to the vulnerable system.
The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability has been actively exploited in the wild since August 2019.