Main Vulnerability Database Vulnerabilities #VU85943

Use of default credentials in DVR LGUVR-8H - CVE-2024-22772

Published: January 31, 2024

Vulnerability identifier: #VU85943

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2024-22772

CWE-ID: CWE-1392

Exploitation vector: Adjecent network

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
DVR LGUVR-8H

Software vendor:
Hitron Systems

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-04
https://www.akamai.com/blog/security-research/2024/jan/hitron-zero-day-vulnerability-spreading-mirai-patched

Use of default credentials in DVR LGUVR-8H - CVE-2024-22772

Description

Remediation

External links

Please verify you're human