PT-2024-5360 · Avtech · Avtech Ip Cameras+1
Aline Eliovich +1 · Published 2024-08-01 · Updated 2025-10-10
CVE-2024-7029
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AVTECH AVM1203 versions prior to the latest supported version
AVTECH IP cameras (affected versions not specified)
Description
A command injection vulnerability in the brightness function of AVTECH closed-circuit television (CCTV) cameras allows remote code execution (RCE) without authentication. The Mirai botnet has exploited this vulnerability to spread malware. Approximately 4,386,526 potentially vulnerable devices have been identified. The vulnerability has been actively exploited since at least 2019, but it wasn't formally recognized until August 2024.
Recommendations
For AVTECH AVM1203 versions prior to the latest supported version: Consider replacing the device with a newer model that receives regular security updates.
For AVTECH IP cameras (affected versions not specified): Update the firmware to the latest version, if available, and ensure that all devices are properly configured and secured to prevent exploitation.
As a temporary workaround, consider disabling the brightness function or restricting access to the camera's network interface until a patch is available.
Exploit
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Avtech Avm1203
Avtech Ip Cameras