Attacker Value: Unknown (1 user assessed)
Exploitability: Unknown (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2024-7029

Disclosure Date: August 02, 2024
Exploited in the Wild

Description

Commands can be injected over the network and executed without authentication.

Technical Analysis

TL;DR: Unpatched command injection vulnerability in an end-of-life IP camera, being exploited to drop a Mirai botnet malware variant. Public PoC since 2019, no CVE assignment until 2024. It’d be awfully helpful if the description of this CVE included the apparent names of the affected vendor and product — respectively, AVTECH SECURITY Corporation and AVTECH IP Camera.

Akamai’s Aline Eliovich discovered this 0day independently after Akamai detected in-the-wild exploitation dating back to March 2024. Per their great blog, “analysis showed activity for this variant as early as December 2023. The proof of concept (PoC) for CVE-2024-7029 has been publicly available since at least 2019, but it never had a proper CVE assignment until August 2024.” Censys also has a write-up here with good historical background.

CISA published an ICS alert for this issue in August 2024 noting that successful exploitation allows an attacker to inject and execute commands as the owner of the running process. The CISA alert mentions that “it is suspected that prior versions of other IP cameras and NVR (network video recorder) products are also affected: AVM1203: firmware version FullImg-1023-1007-1011-1009 and prior.” The vulnerability is not on CISA KEV as of September 17, 2024 (potentially because there’s no fix and therefore nothing to mandate of KEV-bound teams).

CVSS V3 Severity and Metrics
Base Score: 9.8 Critical
Impact Score: 5.9
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • avtech

Products

  • avm1203 firmware
