SB2024013140 - Multiple vulnerabilities in Hitron Systems Security Camera DVRs 




Published: January 31, 2024

Security Bulletin ID: SB2024013140
Severity: Critical
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Critical 100%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Use of default credentials (CVE-ID: CVE-2024-22768)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.


2) Use of default credentials (CVE-ID: CVE-2024-22769)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

3) Use of default credentials (CVE-ID: CVE-2024-22770)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

4) Use of default credentials (CVE-ID: CVE-2024-22771)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

5) Use of default credentials (CVE-ID: CVE-2024-22772)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

6) Use of default credentials (CVE-ID: CVE-2024-23842)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Remediation

Install the update from the vendor's website.