Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet.

Multiple DVR device models from South Korean manufacturer Hitron Systems are plagued by vulnerabilities that are actively exploited by the InfectedSlurs botnet, Akamai reports.

Based on the Mirai source code, InfectedSlurs ensnares vulnerable devices in a botnet capable of launching distributed denial-of-service (DDoS) attacks. Previously, it was seen targeting zero-day flaws in FXC routers and QNAP NVR devices.

After exposing the InfectedSlurs botnet’s activities in November 2023, Akamai has observed the botnet targeting Hitron DVRs for infection, and discovered a total of six vulnerabilities being exploited as zero-days.

Tracked as CVE-2024-22768 through CVE-2024-22772, and CVE-2024-23842, the security defects are described as improper input validation issues that allow an attacker to inject OS commands and achieve remote code execution (RCE).

The attacks rely on a POST request to the device management interface to deliver the malicious payload using default credentials.

Each of these flaws has a CVSS score of 7.4 and, according to the US cybersecurity agency CISA, each could allow “an attacker to cause a denial-of-service condition when using default admin name and password”.

Impacted devices include Hitron DVR HVR-4781, DVR HVR-8781, DVR HVR-16781, DVR LGUVR-4H, DVR LGUVR-8H, and DVR LGUVR-16H, when running firmware versions 1.02 through 4.02. Hitron released firmware version 4.03 to patch all vulnerabilities.

Akamai urges organizations and end users to update to the latest firmware releases as soon as possible and recommends changing default login credentials immediately, monitoring network traffic and logs, maintaining an inventory of connected devices, and always applying security updates in a timely fashion.

Advertisement. Scroll to continue reading.

Additionally, CISA recommends locating these devices behind firewalls, isolating them from business networks, ensuring they are not accessible from the internet, and using secure remote access methods, such as VPNs, to manage them.

“Addressing the security issues identified in the Hitron systems and associated devices requires a multifaceted approach, combining user awareness, prompt patching, proactive monitoring, and collaboration within the cybersecurity community,” Akamai notes.

KISA (Korea Internet & Security Agency) has issued an alert on these vulnerabilities along with individual advisories for each of them.

Related: Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

Related: Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

Related: CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.