CVE-2024-22770 - Vulnerability Details - OpenCVE

Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitron Systems	Dvr Hvr-4781 Dvr Hvr-4781 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.hitron.co.kr/firmware/

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2024-01-23T04:42:39.638Z

Updated: 2024-10-22T03:55:41.379Z

Reserved: 2024-01-11T07:18:23.099Z

Link: CVE-2024-22770

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-23T05:15:09.333

Modified: 2024-11-21T08:56:37.617

Link: CVE-2024-22770

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22770", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2024-01-11T07:18:23.099Z", "datePublished": "2024-01-23T04:42:39.638Z", "dateUpdated": "2024-10-22T03:55:41.379Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVR HVR-16781", "vendor": "Hitron Systems", "versions": [{"changes": [{"at": "4.03", "status": "unaffected"}], "lessThanOrEqual": "4.02", "status": "affected", "version": "1.03", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "value": "Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:20.892Z"}, "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "source": {"discovery": "UNKNOWN"}, "title": "Hitron Systems DVR HVR-16781 Improper Input Validation Vulnerability ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.027Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-22770"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T03:55:41.379Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009", "versionEndIncluding": "4.02", "versionStartIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR HVR-16781 1.03~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."}], "id": "CVE-2024-22770", "lastModified": "2024-11-21T08:56:37.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T05:15:09.333", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}