CVE-2024-22771 - Vulnerability Details - OpenCVE

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00285.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Hitron Systems	Dvr Hvr-4781 Dvr Hvr-4781 Firmware
Hitronsystems	Dvr Lguvr-4h Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-20302	Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.hitron.co.kr/firmware/

History

Tue, 22 Oct 2024 04:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitronsystems Hitronsystems dvr Lguvr-4h Firmware
CPEs		cpe:2.3:o:hitronsystems:dvr_lguvr-4h_firmware::::::::
Vendors & Products		Hitronsystems Hitronsystems dvr Lguvr-4h Firmware
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2024-01-23T04:49:10.800Z

Updated: 2024-10-22T03:55:42.957Z

Reserved: 2024-01-11T07:18:23.099Z

Link: CVE-2024-22771

Vulnrichment

Updated: 2024-08-01T22:51:11.148Z

NVD

Status : Modified

Published: 2024-01-23T05:15:09.563

Modified: 2024-11-21T08:56:37.750

Link: CVE-2024-22771

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22771", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2024-01-11T07:18:23.099Z", "datePublished": "2024-01-23T04:49:10.800Z", "dateUpdated": "2024-10-22T03:55:42.957Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVR LGUVR-4H", "vendor": "Hitron Systems", "versions": [{"changes": [{"at": "4.03", "status": "unaffected"}], "lessThanOrEqual": "4.02", "status": "affected", "version": "1.02", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:29.532Z"}, "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "source": {"discovery": "UNKNOWN"}, "title": "Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.148Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "hitronsystems", "product": "dvr_lguvr-4h_firmware", "cpes": ["cpe:2.3:o:hitronsystems:dvr_lguvr-4h_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "01.02", "status": "affected", "lessThanOrEqual": "4.02", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-22771"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T03:55:42.957Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.148Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T05:00:29.477800Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:hitronsystems:dvr_lguvr-4h_firmware:*:*:*:*:*:*:*:*"], "vendor": "hitronsystems", "product": "dvr_lguvr-4h_firmware", "versions": [{"status": "affected", "version": "01.02", "versionType": "custom", "lessThanOrEqual": "4.02"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:25:14.361Z"}}], "cna": {"title": "Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitron Systems", "product": "DVR LGUVR-4H", "versions": [{"status": "affected", "changes": [{"at": "4.03", "status": "unaffected"}], "version": "1.02", "versionType": "custom", "lessThanOrEqual": "4.02"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:29.532Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22771", "state": "PUBLISHED", "dateUpdated": "2024-10-22T03:55:42.957Z", "dateReserved": "2024-01-11T07:18:23.099Z", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "datePublished": "2024-01-23T04:49:10.800Z", "assignerShortName": "krcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009", "versionEndIncluding": "4.02", "versionStartIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-4H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."}], "id": "CVE-2024-22771", "lastModified": "2024-11-21T08:56:37.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T05:15:09.563", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}