Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day

November 18, 2024 at 09:34AM

Discontinued GeoVision video surveillance products are facing botnet attacks due to a critical zero-day vulnerability (CVE-2024-11120). This flaw allows remote attackers to execute commands without authentication. The affected models, now unsupported, include GV-VS12 and GV-VS11. Users are urged to replace these devices to mitigate risks.

### Meeting Notes Takeaways:

1. **Vulnerability Identified**: A zero-day vulnerability (CVE-2024-11120) has been discovered in discontinued GeoVision video surveillance products. It is an OS command injection flaw that can be exploited remotely without authentication. The severity of this vulnerability is high, with a CVSS score of 9.8.

2. **Exploitation Reports**: There have been confirmed reports of the vulnerability being exploited by attackers, highlighting the urgent need for remediation.

3. **Affected Products**: The specific GeoVision product models affected include:
   - GV-VS12 and GV-VS11 video servers
   - GV-DSP_LPR_V3 license plate capture systems
   - GVLX 4 V2 and GVLX 4 V3 DVRs

4. **End-of-Life Status**: All five product models have reached End-of-Life (EoL) status and are no longer supported, meaning no security patches will be issued.

5. **Recommendation for Users**: Both The Shadowserver Foundation and Taiwan CERT strongly recommend that users of these affected models replace them immediately to mitigate the risk of exploitation.

6. **Current Exposure**: Approximately 17,000 GeoVision devices are currently exposed to the internet, with about 50% located in the US. Users are advised to remove vulnerable devices from the internet promptly.

7. **Collaborators**: The vulnerability was reported by Piotr Kijewski of The Shadowserver Foundation in collaboration with Taiwan CERT and GeoVision.

### Action Items:
- Users of the affected models should plan for replacements and ensure that devices are removed from internet exposure.
- Monitor for further updates and advisories from The Shadowserver Foundation and Taiwan CERT regarding this vulnerability.
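
To act on the first item, the following added example (not part of the original article, and not code from GeoVision, Shadowserver or Taiwan CERT) checks an asset inventory against the five affected models and orders the hits for replacement. The CSV column names (`host`, `model`, `ip`), the sample rows, and the use of a non-RFC 1918 address as a stand-in for internet exposure are assumptions.

```python
import csv
import io
import ipaddress
import re

# The five end-of-life models listed in the summary above.
AFFECTED_MODELS = ["GV-VS12", "GV-VS11", "GV-DSP_LPR_V3", "GVLX 4 V2", "GVLX 4 V3"]

# Assumption: the site numbers internal hosts from RFC 1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def normalize(model: str) -> str:
    """Uppercase, drop separators and a leading vendor name, so that
    'gv_vs12', 'GV VS12' and 'GeoVision GV-VS12' all compare equal."""
    return re.sub(r"[^A-Z0-9]", "", model.upper()).removeprefix("GEOVISION")

AFFECTED = {normalize(m): m for m in AFFECTED_MODELS}

def triage(inventory_csv: str) -> list:
    """Return affected devices: public addresses first, then unparseable
    addresses (manual review), then internal ones."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = AFFECTED.get(normalize(row["model"]))
        if model is None:
            continue  # not one of the five EoL models
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
            public = not any(addr in net for net in INTERNAL_NETS)
        except ValueError:
            public = None  # address could not be parsed
        findings.append({"host": row["host"], "model": model, "public_ip": public})
    rank = {True: 0, None: 1, False: 2}
    return sorted(findings, key=lambda f: (rank[f["public_ip"]], f["host"]))

# Constructed sample inventory; hosts, addresses and ACME-CAM-100 are made up.
SAMPLE = """host,model,ip
cam-gw-01,GV-VS12,203.0.113.7
lpr-lot-b,gv_dsp_lpr_v3,10.20.4.15
dvr-lobby,GeoVision GVLX 4 V2,192.168.1.50
cam-new,ACME-CAM-100,198.51.100.20
vs-dock,GV VS11,not-an-ip
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

A device on an internal address can still be reachable through a port forward, so the internal hits remain on the replacement list; the ordering only sets priority.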
