"Unpatched CCTV Cameras Exploited to Spread Mirai Variant"

Security researchers at Akamai recently warned that an unpatched vulnerability found in CCTV cameras commonly used in critical infrastructure is being actively exploited to spread a Mirai variant malware.  The command injection vulnerability, CVE-2024-7029, is found in the brightness function of AVTECH CCTV cameras that allows for remote code execution (RCE).  The vulnerability was highlighted in a Cybersecurity and Infrastructure Security Agency (CISA) industrial control system (ICS) advisory in August 2024.  The researchers noted that the flaw has a CVSS score of 8.7, carrying a "High" rating.  The proof-of-concept (CoP) for CVE-2024-7029 has been publicly available since at least 2019 but was not given a CVE assignment until August 2024.  There is currently no patch available.  The article continues to discuss how attackers are exploiting the CCTV vulnerability. 

 

Infosecurity Magazine reports: "Unpatched CCTV Cameras Exploited to Spread Mirai Variant"

Submitted by Adam Ekwall on