Unwanted Network Commands Can Be Executed Without Authentication
CVE-2024-7029

9.8CRITICAL

Key Information:

Vendor
Avtech
Status
Avm1203 (ip Camera)
Vendor
CVE Published:
2 August 2024

Badges

📈 Score: 167💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 87%📰 News Worthy

What is CVE-2024-7029?

CVE-2024-7029 is a critical vulnerability identified in Avtech's systems that allows for the execution of arbitrary commands over the network without requiring any form of authentication. This flaw can lead to unauthorized access and control over the affected systems, severely impacting organizations that rely on Avtech’s products for their operational needs. The ability for attackers to execute commands with no controls in place presents a significant security risk, potentially compromising data integrity and overall system functionality.

Technical Details

The vulnerability is characterized by its capacity to accept and execute commands sent across the network, bypassing standard authentication mechanisms. This can occur in environments where Avtech devices are deployed, as the flaw enables remote interaction with the system, allowing unauthorized users to manipulate system functionalities, which could lead to further exploitation or data loss.

Potential Impact of CVE-2024-7029

  1. Unauthorized Access: Attackers can gain complete control over systems running vulnerable Avtech products, leading to potential data breaches and unauthorized manipulation of system operations.

  2. Operational Disruption: The ability to execute commands remotely can result in malicious users disrupting normal operations, potentially causing downtime or degradation of services that rely on the affected systems.

  3. Data Integrity Risks: The execution of arbitrary commands may allow attackers to alter or delete critical information, jeopardizing the integrity of organizational data and potentially leading to significant financial and reputational damage.

Affected Version(s)

AVM1203 (IP Camera) 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7029
Created by geniuszlyy

CVE-2024-7029
Created by ebrasha

News Articles

favicon imageThe Hacker News

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

New Murdoc_Botnet exploits CVE-2024-7029 and CVE-2017-17215 to infect 1,370+ devices, targeting IoT vulnerabilities for global DDoS attacks.

favicon imageThe Hacker News

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

New Murdoc_Botnet exploits CVE-2024-7029 and CVE-2017-17215 to infect 1,370+ devices, targeting IoT vulnerabilities for global DDoS attacks.

favicon imageThe Register

End-of-life IP cams being used to spread new Mirai botnet

in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet.  The vulnerability (CVSS 8.7, CVE-2024-7029) was...

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...
government-resource

EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Infosecurity Magazine

  • Vulnerability published

Credit

Larry Cashdollar of Akamai Technologies reported this vulnerability to CISA. An anonymous third-party organization confirmed Akamai's report and identified specific affected products and firmware versions.
.