A vulnerability in AVTECH cameras is being actively exploited to spread a variant of the notorious Mirai botnet, security researchers at Akamai have warned.
Tracked as CVE-2024-7029, the flaw allows remote attackers to inject commands and seize control of affected devices.
Discovered by Aline Eliovich, the zero-day vulnerability lies within the “brightness” function of the camera’s firmware. Exploiting this weakness, malicious actors can inject commands at an elevated privilege level, effectively hijacking the device.
The exploit code has been publicly available since at least 2019 but was only formally assigned a CVE identifier in August 2024. This delay highlights the challenge of tackling vulnerabilities that haven’t been formally catalogued, leaving countless devices exposed.
“A vulnerability without a formal CVE assignment may still pose a threat to your organisation – in fact, it could be a significant threat,” warned Akamai. “Malicious actors who operate these botnets have been using new or under-the-radar vulnerabilities to proliferate malware.”
The Akamai team, who uncovered the campaign through their global honeypot network, observed the botnet targeting multiple vulnerabilities beyond CVE-2024-7029. These included a Hadoop YARN RCE, CVE-2014-8361, and CVE-2017-17215, highlighting an alarming trend of attackers weaponising older, often overlooked, security flaws.
Once a device is compromised, the botnet – dubbed ‘Corona Mirai’ due to strings referencing the COVID-19 virus within the malware – seeks to further its reach by targeting devices using Telnet on ports 23, 2323, and 37215. It also attempts to exploit Huawei devices vulnerable to CVE-2017-17215.
Although the affected AVTECH camera model has been discontinued, the US Cybersecurity and Infrastructure Security Agency (CISA) cautioned that these devices are still widely deployed globally, including within critical infrastructure.
“Managing patch priorities is arduous, especially when the threats have no available patch,” explains the Akamai team. In such cases, they recommend decommissioning vulnerable hardware and software to mitigate the risks.
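For devices that cannot be retired immediately, the propagation behaviour described above (outbound Telnet attempts on ports 23, 2323, and 37215) is something defenders can look for in network flow logs. The following is an added detection sketch, not code from Akamai or from this article; the flow-record format, the internal range `10.20.0.0/16`, the thresholds, and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
# Ports the article lists for the botnet's propagation attempts.
PROPAGATION_PORTS = {23, 2323, 37215}
# Constructed sample flow records, "epoch src dst dst_port" (not real traffic).
SAMPLE_FLOWS = """\
1724900000 10.20.5.17 198.51.100.10 23
1724900003 10.20.5.17 198.51.100.11 2323
1724900007 10.20.5.17 203.0.113.40 37215
1724900012 10.20.5.17 203.0.113.41 23
1724900030 10.20.1.4 10.20.0.1 23
1724900090 10.20.1.4 10.20.0.1 23
1724900040 10.20.5.18 198.51.100.10 443
truncated-record 10.20.5.17
1724900000 10.20.7.9 198.51.100.20 23
1724903600 10.20.7.9 198.51.100.21 23
1724907200 10.20.7.9 198.51.100.22 23
1724910800 10.20.7.9 198.51.100.23 23
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples; malformed records are skipped."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()  # wrong field count raises ValueError
            yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue

def find_scanners(flows, internal_net="10.20.0.0/16", min_targets=4, window=60):
    """Map each internal source to its peak count of distinct destinations on
    propagation ports within `window` seconds, if that peak >= min_targets."""
    net = ipaddress.ip_network(internal_net)
    events = defaultdict(list)
    for ts, src, dst, port in flows:
        if src in net and port in PROPAGATION_PORTS:
            events[src].append((ts, dst))
    hits = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = best = 0
        for end in range(len(evs)):  # sliding time window over sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_targets:
            hits[str(src)] = best
    return hits

if __name__ == "__main__":
    print(find_scanners(parse_flows(SAMPLE_FLOWS)))
```

Counting distinct destinations inside a time window keeps an administrator's repeated Telnet session to a single switch from triggering the rule, while a camera that suddenly fans out across many hosts on these ports does.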