SecurityWeek

Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day

A zero-day vulnerability affecting five discontinued GeoVision product models has been exploited by a botnet.

Discontinued GeoVision video surveillance products are falling victim to botnet attacks targeting a newly discovered zero-day vulnerability, The Shadowserver Foundation warns.

The issue, tracked as CVE-2024-11120 (CVSS score of 9.8), is described as an OS command injection flaw that can be exploited remotely, without authentication.

“Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device,” a NIST advisory reads.

The security defect was discovered by Piotr Kijewski of The Shadowserver Foundation, who verified it in collaboration with Taiwan CERT and GeoVision prior to public disclosure.

“Moreover, this vulnerability has already been exploited by attackers, and we have received related reports,” Taiwan CERT notes in an advisory.

GeoVision product models confirmed to be vulnerable include GV-VS12 and GV-VS11 video servers, GV-DSP_LPR_V3 license plate capture systems, and GVLX 4 V2 and GVLX 4 V3 DVRs, Taiwan CERT says.

Because all five product models have reached End-of-Life (EoL) status and are no longer supported, no security patch will be released for them.

Both The Shadowserver Foundation and Taiwan CERT recommend that users of the affected models replace them as soon as possible.

“If you run a vulnerable EoL version, please remove [it] from the Internet and replace it,” The Shadowserver Foundation warned on Friday.

The organization has been seeing roughly 17,000 GeoVision devices exposed to the internet, roughly half of which are in the US.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
