Zero-days in Hitron DVRs exploited to install Mirai-based malware

Zero-days in Hitron DVRs exploited to install Mirai-based malware

A Mirai-based botnet has been observed exploiting previously undisclosed vulnerabilities affecting multiple DVR device models manufactured by South Korean security equipment maker Hitron Systems.

The vulnerabilities have been discovered by Akamai researchers as part of their investigation into the InfectedSlurs botnet. Last year, InfectedSlurs was observed exploiting two remote code execution zero-day vulnerabilities to ensnare routers and video recorder (NVR) devices into a distributed denial-of-service (DDoS) botnet. At the time, Akamai didn’t share any details regarding zero-days and affected brands and models.

The six exploited zero-day vulnerabilities are CVE-2024-22768, CVE-2024-22769, CVE-2024-22770, CVE-2024-22771, CVE-2024-22771, CVE-2024-22771, CVE-2024-22771, CVE-2024-22772, CVE-2024-23842. All of them are described as a use of default credentials issue that could be exploited by a remote attacker to compromise the affected device.

“The vulnerability allows an authenticated attacker to achieve OS command injection with a payload delivered via a POST request to the management interface. In its current configuration, it is utilizing device default credentials in the captured payloads,” Akamai explained.

The impacted devices and firmware versions include DVR HVR-4781 versions 1.03 through 4.02, DVR HVR-8781 versions 1.03 through 4.02,

DVR HVR-16781 versions 1.03 through 4.02, DVR LGUVR-4H versions 1.02 through 4.02, DVR LGUVR-8H versions 1.02 through 4.02, DVR LGUVR-16H versions 1.02 through 4.02.

Hitron Systems has released new firmware versions to address the flaws. Users are advised to upgrade to firmware version 4.03 or newer for all impacted models as soon as possible.


Back to the list

Latest Posts

Cyber Security Week in Review: February 14, 2025

Cyber Security Week in Review: February 14, 2025

In brief: Microsoft patches actively exploited zero-days, Chinese hackers Salt Typhoon exploit Cisco flaws, the US and partners sanction Zservers, and more.
14 February 2025
Russian Sandworm APT targets critical sectors in BadPilot multi-year campaign

Russian Sandworm APT targets critical sectors in BadPilot multi-year campaign

The 'BadPilot' campaign involves a series of targeted cyberattacks leveraging bugs in widely used IT infrastructure software.
13 February 2025
Four key distributors of encrypted communications service Sky ECC arrested in Spain and Netherlands

Four key distributors of encrypted communications service Sky ECC arrested in Spain and Netherlands

The two men arrested in Spain are accused of overseeing the global distribution of Sky ECC devices and software.
12 February 2025