CVE-2024-22772 - OpenCVE

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitron Systems	Dvr Hvr-4781 Dvr Hvr-4781 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.hitron.co.kr/firmware/

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2024-01-23T04:52:06.708Z

Updated: 2024-08-01T22:51:11.167Z

Reserved: 2024-01-11T07:18:23.099Z

Link: CVE-2024-22772

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-23T05:15:09.800

Modified: 2024-01-29T15:52:25.997

Link: CVE-2024-22772

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22772", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2024-01-11T07:18:23.099Z", "datePublished": "2024-01-23T04:52:06.708Z", "dateUpdated": "2024-08-01T22:51:11.167Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVR LGUVR-8H", "vendor": "Hitron Systems", "versions": [{"changes": [{"at": "4.03", "status": "unaffected"}], "lessThanOrEqual": "4.02", "status": "affected", "version": "1.02", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "value": "Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}], "impacts": [{"capecId": "CAPEC-490", "descriptions": [{"lang": "en", "value": "CAPEC-490 Amplification"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2024-01-23T05:01:40.359Z"}, "references": [{"url": "http://www.hitron.co.kr/firmware/"}], "source": {"discovery": "UNKNOWN"}, "title": "Hitron Systems DVR LGUVR-8H Improper Input Validation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:11.167Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.hitron.co.kr/firmware/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hitron_systems:dvr_hvr-4781_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B2D11E-277F-42C6-AA98-65A01E651009", "versionEndIncluding": "4.02", "versionStartIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hitron_systems:dvr_hvr-4781:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7DD2F2-717C-4472-9B5B-D66227159598", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-8H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."}], "id": "CVE-2024-22772", "lastModified": "2024-01-29T15:52:25.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2024-01-23T05:15:09.800", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "http://www.hitron.co.kr/firmware/"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}