
CISA Warns of Avtech Camera Vulnerability Exploited in Wild

An Avtech camera vulnerability that likely remains unfixed has been exploited in the wild, according to CISA.

The US cybersecurity agency CISA has published an advisory describing a high-severity vulnerability that appears to have been exploited in the wild to hack cameras made by Avtech Security. 

The flaw, tracked as CVE-2024-7029, has been confirmed to impact Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior, but other cameras and NVRs made by the Taiwan-based company may also be affected.

“Commands can be injected over the network and executed without authentication,” CISA said, noting that the bug is remotely exploitable and that it’s aware of exploitation. 

The cybersecurity agency said Avtech has not responded to its attempts to get the vulnerability fixed, which likely means that the security hole remains unpatched. 

CISA learned about the vulnerability from Akamai and the agency said “an anonymous third-party organization confirmed Akamai’s report and identified specific affected products and firmware versions”.

There do not appear to be any public reports describing attacks involving exploitation of CVE-2024-7029. SecurityWeek has reached out to Akamai for more information and will update this article if the company responds.

It’s worth noting that Avtech cameras have been targeted by several IoT botnets over the past years, including by Hide ‘N Seek and Mirai variants.

According to CISA’s advisory, the vulnerable product is used worldwide, including in critical infrastructure sectors such as commercial facilities, healthcare, financial services, and transportation. 


It’s also worth pointing out that CISA has yet to add the vulnerability to its Known Exploited Vulnerabilities Catalog at the time of writing. 

SecurityWeek has reached out to the vendor for comment. 

UPDATE: Larry Cashdollar, Principal Security Researcher at Akamai Technologies, provided the following statement to SecurityWeek:

“We saw an initial burst of traffic probing for this vulnerability back in March but it has trickled off until recently likely due to the CVE assignment and current press coverage. It was discovered by Aline Eliovich, a member of our team who had been examining our honeypot logs hunting for zero days. The vulnerability lies in the brightness function within the file /cgi-bin/supervisor/Factory.cgi. Exploiting this vulnerability allows an attacker to remotely execute code on a target system. The vulnerability is being abused to spread malware. The malware appears to be a Mirai variant. We’re working on a blog post for next week that will have more details.”
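
For defenders who still have an AVM1203 on the network, the one concrete indicator in Akamai's statement is the CGI path. The sketch below is an added example, not code from Akamai, CISA or SecurityWeek: it flags access-log requests to that path and marks those whose decoded parameters contain shell metacharacters. The Common Log Format input, the `brightness` query parameter name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path named in Akamai's statement; everything else here is an assumption.
TARGET_PATH = "/cgi-bin/supervisor/Factory.cgi"
# Characters that let a parameter value break out into a shell command line.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")
# Minimal Common Log Format matcher: client, method, request target, status.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample input (documentation IP ranges, placeholder payload).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.9 - - [01/Aug/2024:10:00:05 +0000] "GET /cgi-bin/supervisor/Factory.cgi HTTP/1.1" 401 0
198.51.100.23 - - [01/Aug/2024:10:00:09 +0000] "GET /cgi-bin/supervisor/Factory.cgi?brightness=5%3BPLACEHOLDER HTTP/1.1" 200 0
"""

def classify(line):
    """Return (client, verdict, parameter) for hits on TARGET_PATH, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    # Decode the path so percent-encoded spellings of it still match.
    if unquote(parts.path).lower() != TARGET_PATH.lower():
        return None
    # parse_qsl percent-decodes values, so encoded metacharacters are caught.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SHELL_META.search(value):
            return (client, "injection-attempt", name)
    # Any other request to the path is still worth reviewing as a probe.
    return (client, "probe", "")

def scan(log_text):
    """Classify every line and keep only requests that touched TARGET_PATH."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, verdict, param in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{param}")
```

Access logs record only the request line, so parameters sent in a POST body would show up here as a plain `probe`; those need a proxy or packet capture to inspect.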

UPDATE 2, August 8, 2024: Avtech has provided the following statement to SecurityWeek:

“Regarding recent concerns raised by CISA regarding a potential security vulnerability in one of our products. The specific model in question, AVM1203, has been discontinued for nearly seven years. Following a thorough internal review of our current product lineup, we can confirm that this issue has been fully addressed in all models currently available on the market. We assure our customers that they can continue using our products with confidence.

Despite its discontinued status, we are evaluating the possibility of releasing a software update to address the identified vulnerability or offering a product replacement service for affected units.

At AVTECH, we take product security very seriously. We have consistently invested in enhancing the security of our products to protect against potential malicious attacks, thereby safeguarding our customers from any inconvenience or loss. In recent years, our key security measures have included:

  • Encrypting all communications between our devices and company-operated servers, including P2P connections.
  • Requiring account and password authentication for all device communications, with mandatory password changes to ensure that new credentials meet robust security standards.
  • Conducting detailed and precise input validation for all communication interfaces, particularly user-provided parameters, ensuring they are thoroughly checked and accurately processed before being applied by the device.

While we strive to follow the best security practices in all our products, it is important to recognize that once products are phased out and cease to receive updates, their security protocols may no longer be up to date. This is a common challenge with electronic products across the industry. We encourage our customers to consider upgrading to our current product offerings to ensure they benefit from the latest security protocols and features, thereby maintaining the highest level of protection and functionality.

We will reach out to CISA to clarify and resolve the issue raised, addressing any customer concerns.”


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
