CVE-2025-6561

Published: Jun 26, 2025Modified: Jun 26, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (2)

https://www.twcert.org.tw/en/cp-139-10200-6b567-2.html

Source: twcert@cert.org.tw

https://www.twcert.org.tw/tw/cp-132-10199-9c5c6-1.html

Source: twcert@cert.org.tw

Timeline

No history available yet.