Hunt Electronic Hybrid DVR OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in certain hybrid DVR models from Hunt Electronic, specifically the HBF-09KD and HBF-16NK. This vulnerability allows remote attackers with regular privileges to inject and execute arbitrary operating system commands on the affected devices. The issue is present in firmware versions V3.1.67_1786 BB11115 and earlier.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected DVRs.

Remediation

Users are advised to update the DVR firmware to version V3.1.70_1806 BB50604 or later.
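
The check below is an added example, not code from the vendor or from this advisory: it triages a device inventory against the affected models and firmware versions stated above. It assumes the version string has the layout V<major>.<minor>.<patch>_<build> followed by an optional BB code that is not used for ordering; the inventory rows and hostnames are constructed sample data.

```python
import re

# Values taken from the advisory text.
AFFECTED_MODELS = {"HBF-09KD", "HBF-16NK"}
LAST_AFFECTED = "V3.1.67_1786 BB11115"
FIRST_FIXED = "V3.1.70_1806 BB50604"

# Assumed layout: V<major>.<minor>.<patch>_<build>, optional "BB..." suffix.
# The meaning of the BB code is not given in the advisory, so it is ignored.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)_(\d+)(?:\s+BB\w+)?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string does not parse."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in match.groups()) if match else None


def triage(model, firmware):
    """Classify one device against the advisory."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "check-manually"  # unparseable string: do not guess
    if version >= parse_version(FIRST_FIXED):
        return "fixed"
    if version <= parse_version(LAST_AFFECTED):
        return "affected"
    # The advisory is silent on builds between the two stated versions.
    return "update-recommended"


def report(inventory):
    """Map (host, model, firmware) rows to (host, status) pairs."""
    return [(host, triage(model, fw)) for host, model, fw in inventory]


# Constructed sample inventory (hostnames and rows are illustrative only).
INVENTORY = [
    ("dvr-lobby", "HBF-09KD", "V3.1.67_1786 BB11115"),
    ("dvr-dock", "HBF-16NK", "V3.1.70_1806 BB50604"),
    ("dvr-lab", "HBF-16NK", "V3.1.68_1790"),
    ("dvr-gate", "HBF-09KD", "unknown"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as affected, update-recommended or check-manually all belong on the firmware update list; only a parsed version at or above the fixed release counts as fixed.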

Added: Jun 26, 2025, 1:17 PM
Updated: Jun 26, 2025, 1:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.