Hitron Systems, a South Korean DVR manufacturer, finds itself in the crosshairs of the notorious InfectedSlurs botnet, as reported by Akamai. The botnet, derived from the Mirai source code, has shifted its focus to exploit six zero-day vulnerabilities in Hitron DVRs, enabling distributed denial-of-service (DDoS) attacks. These vulnerabilities, tracked as CVE-2024-22768 through CVE-2024-22772 and CVE-2024-23842, expose critical flaws in input validation, allowing attackers to inject OS commands and execute remote code.
The attacks send a POST request to the device management interface, using default credentials to deliver the malicious payload. Hitron DVR models HVR-4781, HVR-8781, HVR-16781, LGUVR-4H, LGUVR-8H, and LGUVR-16H are affected when running firmware versions 1.02 through 4.02. In response, Hitron has released firmware version 4.03 to address these vulnerabilities. Akamai stresses the urgency of updating to the latest firmware, changing default credentials, monitoring network traffic, and promptly applying security updates.
CISA recommends additional measures, including placing these devices behind firewalls, isolating them from business networks, and using secure remote access methods like VPNs. As a collaborative effort, KISA has issued an alert, emphasizing the need for user awareness, prompt patching, proactive monitoring, and community collaboration to address the multifaceted security challenges posed by Hitron systems and associated devices.
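To act on the affected-model and firmware list above, the following added example (not code from Akamai, Hitron, or the original article) audits a device inventory and reports which of the article's remediation steps apply to each host. The CSV column names, host names, and sample rows are constructed assumptions, as is the `major.minor` firmware string format.

```python
import csv
import io
import re

# From the article: affected models; firmware 1.02 through 4.02 is affected, 4.03 is the fix.
AFFECTED_MODELS = {"HVR-4781", "HVR-8781", "HVR-16781",
                   "LGUVR-4H", "LGUVR-8H", "LGUVR-16H"}
FIRST_AFFECTED, FIXED = (1, 2), (4, 3)

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,default_creds
dvr-lobby,HVR-4781,4.02,yes
dvr-dock,hvr-8781,v4.03,no
dvr-lab,LGUVR-16H,1.02,no
dvr-gate,HVR-16781,unknown,yes
cam-nvr,OTHER-100,2.00,no
"""

def parse_firmware(text):
    """Return (major, minor) for strings like '4.02' or 'v4.03', else None."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def assess(row):
    """Classify one inventory row and list the remediation steps that apply."""
    model = row["model"].strip().upper()
    if model not in AFFECTED_MODELS:
        return "not-listed", []
    actions = []
    version = parse_firmware(row["firmware"])
    if version is None:
        status = "unknown-firmware"  # cannot prove it is patched, so flag for review
        actions.append("verify firmware version")
    elif FIRST_AFFECTED <= version < FIXED:
        status = "vulnerable"
        actions.append("update firmware to 4.03")
    else:
        status = "patched" if version >= FIXED else "outside-range"
    if row["default_creds"].strip().lower() == "yes":
        actions.append("change default credentials")
    return status, actions

def audit(inventory_csv):
    """Map each host to its (status, actions) pair."""
    return {r["host"]: assess(r) for r in csv.DictReader(io.StringIO(inventory_csv))}

if __name__ == "__main__":
    for host, (status, actions) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:17} {'; '.join(actions) or '-'}")
```

A device with an unparseable firmware string is reported as `unknown-firmware` rather than assumed patched, so it stays on the review list until its version is confirmed.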