January 31, 2024 at 05:30AM
Multiple Hitron DVR device models are exploited by the InfectedSlurs botnet, utilizing vulnerabilities to launch DDoS attacks. Akamai reports discovering six zero-day vulnerabilities and urges immediate firmware updates and password changes. CISA advises isolating these devices, using VPNs, and collaborating for a comprehensive security approach. KISA has also issued alerts on these vulnerabilities.
Key takeaways from the meeting notes are as follows:
1. Hitron Systems’ DVRs are facing vulnerabilities actively exploited by the InfectedSlurs botnet, targeting six zero-day flaws tracked as CVE-2024-22768 through CVE-2024-22772, and CVE-2024-23842.
2. The security defects are described as improper input validation issues, allowing attackers to inject OS commands and achieve remote code execution (RCE) with a CVSS score of 7.4 for each flaw.
3. Impacted devices include Hitron DVR models HVR-4781, HVR-8781, HVR-16781, LGUVR-4H, LGUVR-8H, and LGUVR-16H, running firmware versions 1.02 through 4.02, which have been patched with firmware version 4.03.
4. Akamai urges prompt firmware updates, changing default login credentials, monitoring network traffic and logs, maintaining device inventory, and prompt application of security updates.
5. CISA recommends isolating the devices behind firewalls, ensuring they are not accessible from the internet, and using secure remote access methods such as VPNs.
6. KISA has issued an alert on these vulnerabilities along with individual advisories for each of them.
7. Akamai emphasizes a multifaceted approach for addressing the security issues, requiring user awareness, prompt patching, proactive monitoring, and collaboration within the cybersecurity community.
Related articles are:
– Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal
– Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability
– CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks