Unknown
CVE-2024-7029
CVE-2024-7029
Description
Commands can be injected over the network and executed without authentication.
Add Assessment
Technical Analysis
TL;DR: Unpatched command injection vulnerability in an end-of-life IP camera, being exploited to drop a Mirai botnet malware variant. Public PoC since 2019, no CVE assignment until 2024. It’d be awfully helpful if the description of this CVE included the apparent names of the affected vendor and product — respectively, AVTECH SECURITY Corporation and AVTECH IP Camera.
Akamai’s Aline Eliovich discovered this 0day independently after Akamai detected in-the-wild exploitation dating back to March 2024. Per their great blog, “analysis showed activity for this variant as early as December 2023. The proof of concept (PoC) for CVE-2024-7029 has been publicly available since at least 2019, but it never had a proper CVE assignment until August 2024.” Censys also has a write-up here with good historical background.
CISA published an ICS alert for this issue in August 2024 noting that successful exploitation allows an attacker to inject and execute commands as the owner of the running process. The CISA alert mentions that “it is suspected that prior versions of other IP cameras and NVR (network video recorder) products are also affected: AVM1203: firmware version FullImg-1023-1007-1011-1009 and prior.” The vulnerability is not on CISA KEV as of September 17, 2024 (potentially because there’s no fix and therefore nothing to mandate of KEV-bound teams).
CVSS V3 Severity and Metrics
General Information
Vendors
- avtech
Products
- avm1203 firmware
Exploited in the Wild
References
Exploit
A PoC added here by the AKB Worker must have at least 2 GitHub stars.
