Main Vulnerability Database Vulnerabilities #VU85940

Use of default credentials in DVR HVR-8781 - CVE-2024-22769

Published: January 31, 2024

Vulnerability identifier: #VU85940

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2024-22769

CWE-ID: CWE-1392

Exploitation vector: Adjecent network

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
DVR HVR-8781

Software vendor:
Hitron Systems

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
https://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched

Use of default credentials in DVR HVR-8781 - CVE-2024-22769

Description

Remediation

External links

Please verify you're human