CVE-2025-6562
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-06-26
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6562 is an OS Command Injection vulnerability in certain Hunt Electronic hybrid DVR models (HBF-09KD and HBF-16NK) running firmware version V3.1.67_1786 BB11115 and earlier. It allows remote attackers with regular user privileges to inject and execute arbitrary operating system commands on the affected devices without user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have a high impact on the affected devices, allowing attackers to execute arbitrary OS commands remotely. This can compromise the confidentiality, integrity, and availability of the device and its data, potentially leading to unauthorized access, data manipulation, or disruption of service. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update the firmware of the affected Hunt Electronic hybrid DVR models (HBF-09KD and HBF-16NK) to version V3.1.70_1806 BB50604 or later. [1, 2]