CVE-2024-22769
Published 2024-01-23
CVE-2024-22769: Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.
Priority: P2 · 78 · high · CVSS 3.1: 7.5
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.50% (38.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitron | hvr-8781_firmware | >= 1.03 < 4.03 | 4.03 |
| hitron_systems | dvr_hvr-8781 | 1.03 – 4.02 | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck · 7.4 HIGH
GHSA
GHSA-f282-55f7-242h: Improper Input Validation in Hitron Systems DVR HVR-8781 1
ghsa_unreviewed·2024-01-23
CVE-2024-22769 [HIGH] CWE-20 GHSA-f282-55f7-242h: Improper Input Validation in Hitron Systems DVR HVR-8781 1
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.
VulnCheck
hitron hvr-8781_firmware Improper Input Validation
vulncheck·2024·CVSS 7.4
CVE-2024-22769 [HIGH] hitron hvr-8781_firmware Improper Input Validation
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.
Affected: hitron hvr-8781_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.akamai.com/blog/security-research/hitron-zero-day-vulnerability-spreading-mirai-patched
CISA ICS
Hitron Systems Security Camera DVR
cisa_ics·2024-01-30·CVSS 7.4
[HIGH] Hitron Systems Security Camera DVR
ICS Advisory
## Hitron Systems Security Camera DVR
Release Date: January 30, 2024
Alert Code: ICSA-24-030-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
- Vendor: Hitron Systems
- Equipment: DVR
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the product through exploitation of an improper input validation vulnerability and default credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Hitron Systems DVR, a digital video recorder, are affected:
- DVR HVR-4781: Versions 1.03 through 4.02
- DV
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-23: Published
Exploited in the wild