A critical security flaw (CVE-2025-6561) in Hunt Electronics’ hybrid DVR systems allows unauthenticated attackers to remotely access plaintext administrator credentials.
Rated 9.8 on the CVSS scale (Critical), this vulnerability affects HBF-09KD and HBF-16NK models running firmware versions up to V3.1.67_1786 BB11115.
Attackers can directly retrieve system configuration files containing unencrypted credentials without authentication, enabling full device compromise and potential network infiltration.
The vulnerability stems from improper access controls (CWE-497) that fail to restrict unauthorized access to sensitive system configuration files.
Specifically:
system.conf files
m4.iotcplatform[.]com), expanding the attack surface through third-party SDK vulnerabilities like CVE-2021-28372.
Successful exploitation enables:
This incident highlights systemic IoT supply-chain vulnerabilities where third-party components (like ThroughTek’s SDK) create hidden risks.
Enterprise security teams must:
1. Implement network segmentation for surveillance systems
2. Deploy behavior-based anomaly detection
3. Maintain firmware update compliance
4. Audit third-party SDK dependencies in IoT devices[2][5]
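Item 3 as an added example (not code from the article or from the vendor): a Python audit that flags inventory entries for the affected models at or below the last affected firmware named above. The inventory rows, the host names and the version layout `V<major>.<minor>.<patch>_<build>` are assumptions made for illustration.

```python
import csv
import io
import re

# Affected models and last affected firmware, as stated in the article above.
AFFECTED_MODELS = {"HBF-09KD", "HBF-16NK"}
LAST_AFFECTED = "V3.1.67_1786 BB11115"

# Assumption: the version reads V<major>.<minor>.<patch>_<build>; trailing
# tokens such as "BB11115" are ignored when ordering versions.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)_(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, firmware):
    """Return 'affected', 'ok', 'review' or 'not-applicable' for one device."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-applicable"
    version = parse_version(firmware)
    if version is None:
        return "review"  # unknown format: never assume the device is patched
    return "affected" if version <= parse_version(LAST_AFFECTED) else "ok"


def audit(inventory_csv):
    """Map host -> status for a CSV with host,model,firmware columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["model"], row["firmware"]) for row in reader}


# Constructed sample inventory; only the first firmware string comes from the article.
SAMPLE_INVENTORY = """host,model,firmware
dvr-lobby,HBF-09KD,V3.1.67_1786 BB11115
dvr-dock,HBF-16NK,V3.1.52_1401
dvr-lab,HBF-16NK,V3.1.70_1802
dvr-annex,hbf-09kd,unknown
nvr-hq,OTHER-NVR,V1.0.0_1
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `review` carry a firmware string the parser does not recognise and should be checked by hand rather than treated as patched.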
The Taiwan CERT (TWNCERT) credited researchers Yu-Chieh Kuo, Shi-Yi Xie, and colleagues for discovering CVE-2025-6561.
As of June 27, 2025, no public exploits exist, but unpatched systems remain critically vulnerable to credential harvesting attacks.
The post Hunt Electronic DVR Flaw Leaks Administrator Credentials in Plaintext appeared first on Cyber Security News.