Use of default credentials in DVR LGUVR-16H - CVE-2024-23842

 

Published: January 31, 2024


Vulnerability identifier: #VU85944
CSH Severity: Critical
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2024-23842
CWE-ID: CWE-1392
Exploitation vector: Adjacent network
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: DVR LGUVR-16H
Software vendor: Hitron Systems

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the use of default administrative credentials. A remote attacker can use the default credentials to compromise the affected device.

Note: the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install updates from the vendor's website.

External links