Unwanted Network Commands Can Be Executed Without Authentication
Key Information
- Vendor
- Avtech
- Status
- Avm1203 (ip Camera)
- Vendor
- CVE Published:
- 2 August 2024
Badges
Summary
The vulnerability with the title CVE-2024-7029 allows unauthenticated attackers to inject commands over the network in AVTECH IP cameras. This flaw has a high severity with a CVSS v4 score of 8.7 and impacts all AVTECH AVM1203 IP cameras running on specific firmware versions. Since these models are no longer supported by the vendor, there is no patch available to address this vulnerability. Malware, specifically the Corona Mirai-based botnet, has been observed actively exploiting this vulnerability, as seen in attacks in the wild. The exploitation involves downloading and executing a JavaScript file, loading the primary botnet payload onto the device, and connecting to command and control servers to execute distributed denial of service (DDoS) attacks. As the impacted models will not receive any fixes and are still in use in various sectors, it is recommended to take these cameras offline immediately and replace them with newer and actively supported models. It is crucial for IP cameras to run the latest firmware version and have strong, unique passwords, as well as being separated from critical or production networks to reduce the risk of exposure to cyber threats.
Affected Version(s)
AVM1203 (IP Camera) <= 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
End-of-life IP cams being used to spread new Mirai botnet
in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) was...
2 weeks ago
End-of-life IP cams being used to spread new Mirai botnet
in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) was...
2 weeks ago
Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant
Researchers at Akamai say a zero-day vulnerability in AVTECH closed-circuit TV cameras is the latest example of how malicious hackers can exploit bugs in aging tech to propagate botnets.
3 weeks ago
CVSS V3.1
Timeline
First article discovered by Infosecurity Magazine
- 👾
Exploit exists.
Risk change from: null to: 8.8 - (HIGH)
Vulnerability published.