Unwanted Network Commands Can Be Executed Without Authentication
CVE-2024-7029
Key Information:
- Vendor
- Avtech
- Status
- Avm1203 (ip Camera)
- Vendor
- CVE Published:
- 2 August 2024
Badges
Summary
A vulnerability exists that enables malicious actors to inject commands over a network, allowing execution without the need for authentication. This type of security flaw poses significant risks, as it can lead to unauthorized access and manipulation of system functions. Organizations utilizing the affected products should prioritize implementing necessary security measures to mitigate potential risks associated with this vulnerability.
Affected Version(s)
AVM1203 (IP Camera) 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
End-of-life IP cams being used to spread new Mirai botnet
in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet.Β The vulnerability (CVSS 8.7, CVE-2024-7029) was...
4 months ago
Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant
Researchers at Akamai say a zero-day vulnerability in AVTECH closed-circuit TV cameras is the latest example of how malicious hackers can exploit bugs in aging tech to propagate botnets.
5 months ago
Massive Mirai Botnet Exploited AVTECH Cameras Zero-Day
Researchers have discovered a Mirai botnet campaign exploiting a zero-day vulnerability (CVE-2024-7029) in AVTECH cameras.
5 months ago
References
EPSS Score
28% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π°
First article discovered by Infosecurity Magazine
Vulnerability published