CVE-2024-22768

2024-01-2305:15:08

CWE-20

CWE-798

[email protected]

web.nvd.nist.gov

hitron systems

dvr

input validation

network attack

default credentials

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

15.9%

JSON

Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

Affected configurations

NVD

Node

hitron_systemsdvr_hvr-4781Match-

AND

hitron_systemsdvr_hvr-4781_firmwareRange1.03–4.02

CPENameOperatorVersion
hitron_systems:dvr_hvr-4781_firmwarehitron systems dvr hvr-4781 firmwarele4.02

CPE	Name	Operator	Version
hitron_systems:dvr_hvr-4781_firmware	hitron systems dvr hvr-4781 firmware	le	4.02

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DVR HVR-4781",
    "vendor": "Hitron Systems",
    "versions": [
      {
        "changes": [
          {
            "at": "4.03",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.02",
        "status": "affected",
        "version": "1.03",
        "versionType": "custom"
      }
    ]
  }
]