Multiple vulnerabilities in Hitron Systems Security Camera DVRs



Risk Critical
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-22768
CVE-2024-22769
CVE-2024-22770
CVE-2024-22771
CVE-2024-22772
CVE-2024-23842
CWE-ID CWE-1392
Exploitation vector Local network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerability #5 is being exploited in the wild.
Vulnerability #6 is being exploited in the wild.
Vulnerable software
DVR HVR-4781
Hardware solutions / Other hardware appliances

DVR HVR-8781
Hardware solutions / Other hardware appliances

DVR HVR-16781
Hardware solutions / Other hardware appliances

DVR LGUVR-4H
Hardware solutions / Other hardware appliances

DVR LGUVR-8H
Hardware solutions / Other hardware appliances

DVR LGUVR-16H
Hardware solutions / Other hardware appliances

Vendor Hitron Systems

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use of default credentials

EUVDB-ID: #VU85939

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-22768

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR HVR-4781: 1.03 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Use of default credentials

EUVDB-ID: #VU85940

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-22769

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR HVR-8781: 1.03 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Use of default credentials

EUVDB-ID: #VU85941

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-22770

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR HVR-16781: 1.03 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Use of default credentials

EUVDB-ID: #VU85942

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-22771

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR LGUVR-4H: 1.02 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Use of default credentials

EUVDB-ID: #VU85943

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-22772

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR LGUVR-8H: 1.02 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

6) Use of default credentials

EUVDB-ID: #VU85944

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-23842

CWE-ID: CWE-1392 - Use of Default Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DVR LGUVR-16H: 1.02 - 4.02

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
http://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###