Main Vulnerability Database Vulnerabilities #VU85939

Use of default credentials in DVR HVR-4781 - CVE-2024-22768

Published: January 31, 2024

Vulnerability identifier: #VU85939

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2024-22768

CWE-ID: CWE-1392

Exploitation vector: Adjecent network

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
DVR HVR-4781

Software vendor:
Hitron Systems

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
https://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched

Use of default credentials in DVR HVR-4781 - CVE-2024-22768

Description

Remediation

External links

Please verify you're human