A critical zero-day vulnerability (CVE-2024-7029) affecting AVTECH AVM1203 security cameras has been actively exploited for five years [1], posing a high-severity risk to organizations.

Description

The vulnerability is a command injection issue in the brightness function of AVTECH AVM1203 cameras that allows code injection and remote code execution. It has been exploited by a botnet campaign distributing the Corona Mirai malware variant, which connects to hosts via Telnet on ports 23, 2323 [1] [6], and 37215 [1] [5] [6]. Additionally, a botnet named 7777 (or Quad7) has been targeting Microsoft 365 accounts using compromised TP-Link and ASUS routers [3], opening TCP port 7777 on compromised devices [3]. Organizations with impacted AVTECH AVM1203 cameras are advised to upgrade to newer versions, as patches are no longer available [1]. The vulnerability affects specific firmware versions of AVTECH AVM1203 IP cameras and remains unpatched, posing a significant threat to critical infrastructure sectors.
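
As an added example (not taken from the cited sources or from any vendor), the network behaviour described above can be turned into a flow-log triage check: it flags cameras that initiate connections on the listed Telnet ports and site devices that accept sessions on TCP 7777. The subnets, the CSV column layout and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323, 37215}   # Telnet ports this page lists for the Mirai variant
QUAD7_PORT = 7777                  # port this page says Quad7 opens on routers

# Assumed addressing (constructed): the site network and its camera VLAN.
SITE_NET = ipaddress.ip_network("10.20.0.0/16")
CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed flow records; the column layout is an assumption.
SAMPLE_FLOWS = """src,dst,dport,proto,state
10.20.0.15,198.51.100.7,23,tcp,syn
10.20.0.15,198.51.100.8,2323,tcp,syn
10.20.0.15,203.0.113.9,37215,tcp,established
10.20.0.15,203.0.113.9,23,tcp,syn
10.20.0.22,10.20.5.10,554,tcp,established
10.20.3.5,192.0.2.80,443,tcp,established
192.0.2.44,10.20.9.1,7777,tcp,established
192.0.2.50,10.20.9.2,7777,tcp,rejected
"""

def triage(flow_csv, min_hosts=1):
    """Return (cameras initiating Telnet, site hosts accepting TCP 7777)."""
    telnet = defaultdict(lambda: {"hosts": set(), "ports": set()})
    listeners = set()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "tcp":
            continue
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        port = int(row["dport"])
        # A camera has no reason to open Telnet sessions to other hosts.
        if src in CAMERA_NET and port in TELNET_PORTS:
            telnet[str(src)]["hosts"].add(str(dst))
            telnet[str(src)]["ports"].add(port)
        # An established session means something on the device answers on 7777.
        if dst in SITE_NET and port == QUAD7_PORT and row["state"] == "established":
            listeners.add(str(dst))
    cameras = {ip: {"hosts": len(v["hosts"]), "ports": sorted(v["ports"])}
               for ip, v in telnet.items() if len(v["hosts"]) >= min_hosts}
    return cameras, sorted(listeners)

if __name__ == "__main__":
    cameras, listeners = triage(SAMPLE_FLOWS)
    print("cameras initiating Telnet:", cameras)
    print("hosts accepting TCP 7777:", listeners)
```

Raising `min_hosts` limits the camera findings to devices contacting several distinct hosts, which separates scanning-style fan-out from a single stray connection.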

Conclusion

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory on the AVTECH IP camera zero-day [4], emphasizing the devices’ use in critical infrastructure sectors [4]. The exploit has been used to create a botnet targeting AVM1203 camera devices with specific firmware versions [2]. Researchers recommend replacing all cameras of this type as the vulnerability cannot be patched due to lack of support [5], highlighting the ongoing risks and implications for organizations.

References

[1] https://www.scmagazine.com/brief/mirai-variant-deployed-via-avtech-security-camera-exploit
[2] https://www.bbfeab.ca/gmask/2024/08/29/GDMS19TRC124711MUV02post/
[3] https://thehackernews.com/2024/08/unpatched-avtech-ip-camera-flaw.html
[4] https://www.darkreading.com/ics-ot-security/cctv-zero-day-targeted-by-mirai-botnet-campaign
[5] https://www.techzine.eu/news/security/123883/outdated-ip-camera-spreads-mirai-malware/
[6] https://www.infosecurity-magazine.com/news/unpatched-cctv-cameras-exploited/