Main Vulnerability Database Vulnerabilities #VU85942

Use of default credentials in DVR LGUVR-4H - CVE-2024-22771

Published: January 31, 2024

Vulnerability identifier: #VU85942

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2024-22771

CWE-ID: CWE-1392

Exploitation vector: Adjecent network

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
DVR LGUVR-4H

Software vendor:
Hitron Systems

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
https://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched

Use of default credentials in DVR LGUVR-4H - CVE-2024-22771

Description

Remediation

External links

Please verify you're human