A Mirai-based botnet has been observed exploiting previously undisclosed vulnerabilities affecting multiple DVR device models manufactured by South Korean security equipment maker Hitron Systems.
The vulnerabilities have been discovered by Akamai researchers as part of their investigation into the InfectedSlurs botnet. Last year, InfectedSlurs was observed exploiting two remote code execution zero-day vulnerabilities to ensnare routers and video recorder (NVR) devices into a distributed denial-of-service (DDoS) botnet. At the time, Akamai didn’t share any details regarding zero-days and affected brands and models.
The six exploited zero-day vulnerabilities are CVE-2024-22768, CVE-2024-22769, CVE-2024-22770, CVE-2024-22771, CVE-2024-22771, CVE-2024-22771, CVE-2024-22771, CVE-2024-22772, CVE-2024-23842. All of them are described as a use of default credentials issue that could be exploited by a remote attacker to compromise the affected device.
“The vulnerability allows an authenticated attacker to achieve OS command injection with a payload delivered via a POST request to the management interface. In its current configuration, it is utilizing device default credentials in the captured payloads,” Akamai explained.
The impacted devices and firmware versions include DVR HVR-4781 versions 1.03 through 4.02, DVR HVR-8781 versions 1.03 through 4.02,
DVR HVR-16781 versions 1.03 through 4.02, DVR LGUVR-4H versions 1.02 through 4.02, DVR LGUVR-8H versions 1.02 through 4.02, DVR LGUVR-16H versions 1.02 through 4.02.
Hitron Systems has released new firmware versions to address the flaws. Users are advised to upgrade to firmware version 4.03 or newer for all impacted models as soon as possible.
