CVE-2025-6561
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-06-26
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain Hunt Electronic hybrid DVR models (HBF-09KD and HBF-16NK) with firmware versions V3.1.67_1786 BB11115 and earlier. It allows unauthenticated remote attackers to directly access a system configuration file, exposing sensitive information including plaintext administrator credentials. This means attackers can gain unauthorized access to critical system data without needing any privileges or user interaction. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to a full compromise of the system's confidentiality, integrity, and availability. Attackers obtaining administrator credentials can take complete control over the affected DVR devices, potentially leading to unauthorized surveillance, data breaches, and disruption of services. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the firmware of the affected Hunt Electronic hybrid DVR models (HBF-09KD and HBF-16NK) to version V3.1.70_1806 BB50604 or later. [1, 2]