CVE-2024-7029: Command Injection in AVTech AVM1203 (IP Camera)
First published: Fri Aug 02 2024(Updated: )
Commands can be injected over the network and executed without authentication.
Credit: ics-cert@hq.dhs.gov
Remedy
AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact AVTECH https://www.avtech.com.tw/ContactUs.aspx for additional information.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/malware-exploits-5-year-old-zero-day-to-infect-end-of-life-ip-cameras/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
- https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
- https://www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/
- agent/author
- agent/weakness
- agent/description
- agent/type
- agent/remedy
- agent/severity
- agent/title
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-7029
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/the-register
- source/The Register
- alias/CVE-2014-8361
- alias/CVE-2017-17215
- alias/CVE-2024-38856
- alias/CVE-2024-7965