CVE-2026-0855
Merit LILIN · Multiple IP camera models
A high-severity OS Command Injection vulnerability has been identified in certain IP camera models from Merit LILIN.
Executive summary
A high-severity OS Command Injection vulnerability has been identified in certain IP camera models from Merit LILIN. The flaw allows an authenticated remote attacker to execute arbitrary commands on the device, potentially leading to a complete compromise of the camera, unauthorized access to its video feeds, or use of the camera as a foothold for attacks on other systems on the network.
Vulnerability
The vulnerability lies in the web management interface of the affected cameras. An attacker who has authenticated to the interface can place OS command syntax (for example a `;`, `&&` or `$(...)` sequence) into certain input fields. The firmware passes the contents of those fields to the underlying operating system without validating or escaping them, so the injected text is executed as additional commands with the privileges of the web server process. On embedded devices of this kind that process commonly runs as root, in which case a successful injection amounts to full control of the camera.
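The pattern described above, as an added illustration that is not the LILIN firmware code: a hypothetical "network diagnostics" handler that pings a user-supplied host, shown first in the vulnerable form (input concatenated into a command line handed to a shell) and then hardened with allowlist validation and a shell-free argv call. The handler, its function names and the sample payloads are assumptions made for this example.

```python
import ipaddress
import re
import subprocess

# Hypothetical handler in a camera web UI (an assumption for this example, not
# taken from the advisory or from any vendor code).


def vulnerable_ping_command(host: str) -> str:
    """The bug class: user input pasted into a command line that is then handed
    to a shell via system(3), popen(3) or os.system(). Everything after a ';'
    becomes a second command, run with the web server's privileges."""
    return "ping -c 1 " + host


# Allowlist for the hardened version: a literal IP address or a syntactically
# valid DNS hostname (labels of letters, digits and hyphens). Nothing else.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)*{_LABEL}$", re.IGNORECASE)


def validate_target(host: str) -> str:
    """Return the target if it is an IP address or hostname; raise otherwise.
    Every shell metacharacter (; | & $ ` < > ( ) space, newline) fails both checks."""
    host = host.strip()
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected diagnostic target: {host!r}")


def is_safe_target(host: str) -> bool:
    try:
        validate_target(host)
        return True
    except ValueError:
        return False


def hardened_ping_argv(host: str) -> list[str]:
    """Validated target placed in an argv vector. No shell ever parses it, so
    even a value that slipped past validation could not chain a second command."""
    return ["ping", "-c", "1", validate_target(host)]


def run_ping(host: str) -> int:
    """Execute with shell=False so the argv list goes straight to execve."""
    return subprocess.run(hardened_ping_argv(host), capture_output=True, timeout=5).returncode


if __name__ == "__main__":
    payload = "192.0.2.10; cat /etc/passwd"   # constructed injection attempt
    print(vulnerable_ping_command(payload))  # a shell would also run 'cat /etc/passwd'
    print(is_safe_target(payload))           # the allowlist rejects it
    print(hardened_ping_argv("192.0.2.10"))
```

Two points are worth keeping in mind when applying this to firmware: escaping (shlex.quote or its C equivalents) is a weaker fix than allowlisting plus a shell-free exec, because it depends on the target shell's quoting rules; and validated hostnames and IPs cannot begin with `-`, which is why no `--` separator is needed before the target here.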
Business impact
This vulnerability is rated High severity with a CVSS score of 8.8. Successful exploitation could have significant business consequences. A compromised camera undermines physical security: an attacker can watch, record or suppress video from sensitive areas. The camera can also serve as a pivot point for further attacks on the internal network, a staging host for data exfiltration, or a node in a botnet used for Distributed Denial-of-Service (DDoS) attacks. The likely outcomes are operational disruption, reputational damage, and potential regulatory non-compliance.
Remediation
Immediate Action: Apply the security updates provided by the vendor (Merit LILIN) to all affected IP camera models without delay. After patching, review system and access logs for signs of compromise or unusual command execution that may have occurred before the update. Patching closes the injection path but does not remove anything an attacker already installed, so a device that shows signs of compromise should be factory-reset and have its credentials rotated after the update.
Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from the IP cameras; a camera should initiate connections only to a small, known set of services such as NTP, DNS or its NVR. Review device logs for suspicious or malformed requests to the management interface, unexpected reboots, and access from unauthorized IP addresses. Alert on bursts of failed login attempts, since a brute-force attack against the web interface is one way an attacker obtains the credentials this vulnerability requires.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
- Isolate the IP cameras on a dedicated, segmented network VLAN with strict firewall rules.
- Restrict access to the camera's management interface to a limited set of trusted administrative workstations or a secure management network.
- Ensure all camera accounts use strong, unique passwords and that factory-default credentials have been replaced, so that the authentication prerequisite is harder for an attacker to meet.
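The monitoring and segmentation advice above can be checked mechanically. The following is an added example, not part of the advisory and not a vendor tool: it encodes a hypothetical segmentation policy (a camera VLAN, an admin subnet, and the few destinations cameras may contact) and runs it over constructed firewall flow records and camera authentication records, flagging unexpected outbound connections from cameras, management access from outside the admin subnet, and failed-login bursts. All addresses, ports, log formats and thresholds are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical network layout (assumed for this example, not from the advisory).
CAMERA_VLAN = ipaddress.ip_network("10.50.0.0/24")   # dedicated, segmented camera VLAN
MGMT_SUBNET = ipaddress.ip_network("10.10.0.0/24")   # trusted administrative workstations
MGMT_PORTS = {80, 443}                                # camera web management interface
# The only destinations a camera should ever initiate a connection to (NTP and DNS here).
ALLOWED_OUTBOUND = {("10.20.0.1", 123), ("10.20.0.1", 53)}
FAILED_LOGIN_THRESHOLD = 5   # this many failures from one source ...
WINDOW_SECONDS = 60          # ... within this window raises an alert

# Constructed firewall flow records: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
FLOW_LOG = """\
2026-03-01T10:00:01 10.50.0.21:49152 -> 10.20.0.1:123 udp
2026-03-01T10:00:05 10.10.0.7:51000 -> 10.50.0.21:443 tcp
2026-03-01T10:00:09 10.50.0.21:49153 -> 198.51.100.40:4444 tcp
2026-03-01T10:00:12 10.30.0.99:40000 -> 10.50.0.22:80 tcp
2026-03-01T10:00:15 10.50.0.22:49154 -> 10.20.0.1:53 udp
"""

# Constructed camera authentication records:
# "<timestamp> <camera> login <OK|FAILED> user=<name> from=<src>"
AUTH_LOG = """\
2026-03-01T10:01:00 10.50.0.21 login FAILED user=admin from=10.30.0.99
2026-03-01T10:01:03 10.50.0.21 login FAILED user=admin from=10.30.0.99
2026-03-01T10:01:05 10.50.0.21 login FAILED user=admin from=10.30.0.99
2026-03-01T10:01:08 10.50.0.21 login FAILED user=root from=10.30.0.99
2026-03-01T10:01:10 10.50.0.21 login FAILED user=admin from=10.30.0.99
2026-03-01T10:01:40 10.50.0.21 login FAILED user=admin from=10.10.0.7
2026-03-01T10:02:30 10.50.0.21 login OK user=admin from=10.10.0.7
"""


def _endpoint(s: str):
    host, port = s.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


def check_flows(log: str) -> list[str]:
    """One alert per flow that violates the segmentation policy."""
    alerts = []
    for line in log.splitlines():
        ts, src, _arrow, dst, proto = line.split()
        src_ip, _sport = _endpoint(src)
        dst_ip, dport = _endpoint(dst)
        if src_ip in CAMERA_VLAN and dst_ip not in CAMERA_VLAN:
            # Camera-initiated traffic leaving the VLAN must hit an allowlisted service.
            if (str(dst_ip), dport) not in ALLOWED_OUTBOUND:
                alerts.append(f"{ts} camera {src_ip} initiated {proto} to {dst_ip}:{dport} (not allowlisted)")
        elif dst_ip in CAMERA_VLAN and dport in MGMT_PORTS and src_ip not in MGMT_SUBNET:
            # Management interface reached from anywhere but the admin subnet.
            alerts.append(f"{ts} management access to {dst_ip}:{dport} from non-admin host {src_ip}")
    return alerts


def check_failed_logins(log: str) -> list[str]:
    """Sliding-window count of failed logins per source; flags a likely brute force."""
    alerts = []
    recent: dict[str, deque] = defaultdict(deque)
    for line in log.splitlines():
        fields = line.split()
        if fields[3] != "FAILED":
            continue
        ts = datetime.fromisoformat(fields[0])
        src = fields[5].removeprefix("from=")
        window = recent[src]
        window.append(ts)
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) == FAILED_LOGIN_THRESHOLD:
            alerts.append(f"{fields[0]} {len(window)} failed logins from {src} within "
                          f"{WINDOW_SECONDS}s against {fields[1]}")
    return alerts


if __name__ == "__main__":
    for alert in check_flows(FLOW_LOG) + check_failed_logins(AUTH_LOG):
        print(alert)
```

On the sample data the flow check raises two alerts (a camera reaching an external host on TCP/4444, and a host outside the admin subnet reaching a camera's management port) and the login check raises one (five failures from one source inside a minute). The same policy constants are what the VLAN firewall rules should enforce; the script is the detection side of the controls, not a substitute for them.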
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity score (CVSS 8.8) and the potential for complete device takeover, immediate action is strongly recommended. Organizations should prioritize deploying the vendor-supplied patches to all affected devices. Although this vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog and no public exploit is known, its severity warrants urgent attention. Network segmentation and restricted management access should be standard practice for all IoT and camera deployments; they limit the impact of this vulnerability and of the next one in the same device class.