Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
gbhackers
A newly disclosed critical vulnerability in Hunt Electronics’ hybrid DVRs has left thousands of surveillance systems dangerously exposed, with administrator credentials accessible in plaintext to anyone on the internet.
Security researchers have assigned this flaw the identifier CVE-2025-6561, and it carries a maximum CVSS severity score of 9.8, underscoring the urgent need for immediate action from affected users.
Critical Exposure: What Happened?
The vulnerability specifically impacts Hunt Electronics’ HBF-09KD and HBF-16NK hybrid DVR models running firmware version V3.1.67_1786 BB11115 and earlier.
According to multiple security advisories, unauthenticated remote attackers can directly retrieve the system’s configuration file from a vulnerable device.
| CVE ID | CVSS Score | Affected Models | Description |
| CVE-2025-6561 | 9.8 | HBF-09KD, HBF-16NK | Exposure of Sensitive Information: Unauthenticated remote access to config file with plaintext admin credentials |
This file contains administrator credentials stored in plaintext, meaning attackers do not need to log ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE