Lucene search

KrcertCVELIST:CVE-2024-22771

HistoryJan 23, 2024 - 4:49 a.m.

CVE-2024-22771 Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability

2024-01-2304:49:10

CWE-20

krcert

www.cve.org

cve-2024-22771

hitron systems

dvr

lguvr-4h

input validation

network attack

default admin

security vulnerability

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

16.0%

JSON

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DVR LGUVR-4H",
    "vendor": "Hitron Systems",
    "versions": [
      {
        "changes": [
          {
            "at": "4.03",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.02",
        "status": "affected",
        "version": "1.02",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitron.co.kr/firmware/

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVELIST:CVE-2024-22771