Unwanted Network Commands Can Be Executed Without Authentication
CVE-2024-7029
Key Information:
- Vendor: Avtech
- Status
- AVM1203 (IP Camera)
- Vendor
- CVE Published: 2 August 2024
What is CVE-2024-7029?
CVE-2024-7029 is a critical vulnerability identified in Avtech's systems that allows for the execution of arbitrary commands over the network without requiring any form of authentication. This flaw can lead to unauthorized access and control over the affected systems, severely impacting organizations that rely on Avtech’s products for their operational needs. The ability for attackers to execute commands with no controls in place presents a significant security risk, potentially compromising data integrity and overall system functionality.
Technical Details
The vulnerability is characterized by its capacity to accept and execute commands sent across the network, bypassing standard authentication mechanisms. This can occur in environments where Avtech devices are deployed, as the flaw enables remote interaction with the system, allowing unauthorized users to manipulate system functionalities, which could lead to further exploitation or data loss.
Potential Impact of CVE-2024-7029
- Unauthorized Access: Attackers can gain complete control over systems running vulnerable Avtech products, leading to potential data breaches and unauthorized manipulation of system operations.
- Operational Disruption: The ability to execute commands remotely can result in malicious users disrupting normal operations, potentially causing downtime or degradation of services that rely on the affected systems.
- Data Integrity Risks: The execution of arbitrary commands may allow attackers to alter or delete critical information, jeopardizing the integrity of organizational data and potentially leading to significant financial and reputational damage.
Affected Version(s)
AVM1203 (IP Camera) 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
New Murdoc_Botnet exploits CVE-2024-7029 and CVE-2017-17215 to infect 1,370+ devices, targeting IoT vulnerabilities for global DDoS attacks.

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
New Murdoc_Botnet exploits CVE-2024-7029 and CVE-2017-17215 to infect 1,370+ devices, targeting IoT vulnerabilities for global DDoS attacks.
End-of-life IP cams being used to spread new Mirai botnet
in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) was...
EPSS Score
82% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by Infosecurity Magazine
Vulnerability published