August 29, 2024 at 11:49AM
The Corona Mirai-based malware botnet is exploiting a 5-year-old remote code execution zero-day vulnerability in AVTECH IP cameras, impacting models no longer supported by the vendor. The flaw has a high-severity score and allows unauthenticated attackers to inject commands, potentially leading to distributed denial of service (DDoS) attacks. Users are advised to replace affected cameras with newer, supported models and take security measures.
After reviewing the meeting notes, here are the key takeaways:
– The Corona Mirai-based malware botnet is exploiting a 5-year-old remote code execution (RCE) zero-day vulnerability, CVE-2024-7029, in AVTECH IP cameras. The flaw is in the “brightness” function of the cameras, allowing unauthenticated attackers to inject commands over the network.
– This vulnerability impacts all AVTECH AVM1203 IP cameras running on firmware versions up to Fullmg-1023-1007-1011-1009. The cameras have been discontinued and are no longer receiving security updates from the vendor due to reaching end of life (EoL) in 2019.
– The U.S. Cybersecurity and Infrastructure Security Agency has issued an advisory warning about CVE-2024-7029 and the availability of public exploits. It is noted that the impacted cameras are still being used in commercial facilities, financial services, healthcare, public health, and transportation systems.
– Proof of concept (PoC) exploits for CVE-2024-7029 have been available since at least 2019, and active exploitation by the Corona botnet leveraging this vulnerability has been observed, with the first active campaign starting on March 18, 2024.
– The malware connected to the compromised devices can execute distributed denial of service (DDoS) attacks. Additionally, other vulnerabilities targeted by the Corona botnet include CVE-2017-17215, CVE-2014-8361, and Hadoop YARN RCE.
– The meeting notes also recommend that users of AVTECH AVM1203 IP cameras should take them offline immediately and replace them with newer, actively supported models. It is emphasized that IP cameras should always run the latest firmware version and have default credentials changed to strong and unique passwords. It is also advised to separate these devices from critical or production networks.
These takeaways summarize the critical information discussed during the meeting.