Old AVTECH Cameras Haunted by Ghosts of Exploits Past: Corona Botnet Strikes!
Corona Mirai-based malware is exploiting a zero-day in outdated AVTECH IP cameras, causing chaos with ease. This flaw, CVE-2024-7029, lies in the camera’s “brightness” function, and since these models are no longer supported, there’s no patch available. Time to say goodbye to those old cameras!
Hot Take:
Nothing like a 5-year-old unpatched flaw in discontinued AVTECH IP cameras to remind us that even our technology’s past can come back to haunt us like a bad sequel. Spoiler alert: This one doesn’t have a happy ending.
Key Points:
- A 5-year-old RCE zero-day in AVTECH IP cameras (CVE-2024-7029) is being exploited by the Corona Mirai-based botnet.
- The flaw exists in the “brightness” function of the cameras’ firmware, allowing command injection over the network.
- AVTECH AVM1203 IP cameras have been discontinued since 2019 and will not receive any security patches.
- Proof of concept (PoC) exploits have been available since 2019, but the flaw only got a CVE assignment in 2024.
- Users are advised to immediately take affected cameras offline and replace them with supported models.
Membership Required
You must be a member to access this content.