August 2, 2024 at 06:48AM
CISA published an advisory about a high-severity vulnerability in Avtech Security cameras, CVE-2024-7029, which allows network-injected commands without authentication. Avtech has not fixed the issue, leaving it vulnerable. The affected products are globally used, including in critical sectors. CISA is yet to add this to its Known Exploited Vulnerabilities Catalog. SecurityWeek is seeking more information.
Based on the meeting notes, the key takeaways are:
1. CISA has published an advisory about a high-severity vulnerability (CVE-2024-7029) that impacts Avtech AVM1203 IP cameras, potentially affecting other products from the same company.
2. The vulnerability allows commands to be injected over the network and executed without authentication, making it remotely exploitable.
3. Avtech has not responded to CISA’s attempts to address the vulnerability, indicating that the security hole remains unpatched.
4. Although no specific attacks involving the exploitation of CVE-2024-7029 have been reported, previous instances of Avtech cameras being targeted by IoT botnets are noted.
5. The affected products are widely used globally, including in critical infrastructure sectors such as commercial facilities, healthcare, financial services, and transportation.
6. CISA has not yet added the vulnerability to its Known Exploited Vulnerabilities Catalog.
7. The article mentions that SecurityWeek has reached out to the vendor for comment.
If there are any further details or specific actions required based on these takeaways, please feel free to provide additional information.