CVE-2025-6562

Name of the Vulnerable Software and Affected Versions: Hunt Electronic DVR models HBF-09KD and HBF-16NK

Description: The issue allows remote attackers with regular privileges to inject arbitrary OS commands and execute them on the device. This is due to an OS Command Injection vulnerability.

Recommendations: For HBF-09KD and HBF-16NK models, consider restricting access to the device until a patch is available. As a temporary workaround, limit the privileges of remote users to minimize the risk of exploitation. Avoid using the device for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.