A widely-used surveillance camera has been found carrying a high-severity vulnerability that allows threat actors to take over the device.
Researchers from Akamai recently reported cybercriminals started exploiting the flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack the endpoints and assimilate them into the Mirai botnet.
Since the model reached its end-of-life status long ago, AVTECH will not be patching the bug, so the best course of action for any owners would be to replace the device with a newer model.
CISA recommendations
The vulnerability in question is tracked as CVE-2024-7029. It has a severity rating of 8.7 (high-severity), and is described as an “improper neutralization of special elements used in a command ('Command Injection')”.
CISA’s technical description states that the flaw allows commands to be injected over the network, “and executed without authentication.”
Those who are unable to replace the device, should take defensive measures, CISA recommends. Those include minimizing network exposure for all control system devices and/or systems (making sure they’re not accessible from the public internet), and locating control system networks and remote devices behind firewalls, and isolating them from business networks.
Ultimately, if it is absolutely necessary for the endpoint to be accessible via the internet, CISA recommends using secure methods such as VPNs, while still stressing that many VPNs may have vulnerabilities, as well.
Mirai is a popular botnet that primarily targets Internet of Things (IoT) devices. It was first discovered in 2016, and has since grown to be almost synonymous with Distributed Denial of Service (DDoS) attacks. The Mirai botnet gained notoriety in October 2016 when it was used to launch one of the largest DDoS attacks in history against Dyn, a major DNS provider. This attack disrupted websites like Twitter, Netflix, and Reddit.
Mirai's source code was eventually released publicly, leading to the creation of many variants by other cybercriminals. These variants have continued to exploit vulnerabilities in IoT devices, making Mirai a significant ongoing threat in the cybersecurity landscape.
Via Ars Technica
More from TechRadar Pro
- A new botnet is spreading Mirai across the world, with thousands of devices affected
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now