CVE-2024-22771 - OpenCVE

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitron Systems	Dvr Hvr-4781 Dvr Hvr-4781 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.hitron.co.kr/firmware/

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2024-01-23T04:49:10.800Z

Updated: 2024-08-29T14:25:47.771Z

Reserved: 2024-01-11T07:18:23.099Z

Link: CVE-2024-22771

Vulnrichment

Updated: 2024-08-01T22:51:11.148Z

NVD

Status : Analyzed

Published: 2024-01-23T05:15:09.563

Modified: 2024-01-29T15:53:04.917

Link: CVE-2024-22771

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22771", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2024-01-11T07:18:23.099Z", "datePublished": "2024-01-23T04:49:10.800Z", "dateUpdated": "2024-08-29T14:25:47.771Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVR LGUVR-4H", "vendor": "Hitron Systems", "versions": [{"changes": [{"at": "4.03", "status": "unaffected"}], "lessThanOrEqual": "4.02", "status": "affected", "version": "1.02", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:29.532Z"}, "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "source": {"discovery": "UNKNOWN"}, "title": "Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.148Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "hitronsystems", "product": "dvr_lguvr-4h_firmware", "cpes": ["cpe:2.3:o:hitronsystems:dvr_lguvr-4h_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "01.02", "status": "affected", "lessThanOrEqual": "4.02", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-06T05:00:29.477800Z", "id": "CVE-2024-22771", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:25:47.771Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.148Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T05:00:29.477800Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:hitronsystems:dvr_lguvr-4h_firmware:*:*:*:*:*:*:*:*"], "vendor": "hitronsystems", "product": "dvr_lguvr-4h_firmware", "versions": [{"status": "affected", "version": "01.02", "versionType": "custom", "lessThanOrEqual": "4.02"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:25:14.361Z"}}], "cna": {"title": "Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitron Systems", "product": "DVR LGUVR-4H", "versions": [{"status": "affected", "changes": [{"at": "4.03", "status": "unaffected"}], "version": "1.02", "versionType": "custom", "lessThanOrEqual": "4.02"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:29.532Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22771", "state": "PUBLISHED", "dateUpdated": "2024-08-29T14:25:47.771Z", "dateReserved": "2024-01-11T07:18:23.099Z", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "datePublished": "2024-01-23T04:49:10.800Z", "assignerShortName": "krcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009", "versionEndIncluding": "4.02", "versionStartIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-4H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."}], "id": "CVE-2024-22771", "lastModified": "2024-01-29T15:53:04.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2024-01-23T05:15:09.563", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}