Unpatchable 0-day in surveillance cam is being exploited to install Mirai
A zero-day vulnerability in AVTECH's AVM1203 surveillance camera allows remote command execution and has been exploited to spread Mirai malware. Users are advised to replace unsupported devices and secure IoT systems.
A critical zero-day vulnerability, tracked as CVE-2024-7029, has been discovered in the AVM1203 surveillance camera manufactured by AVTECH. This vulnerability, which has been known since at least 2019, allows attackers to remotely execute commands and has been exploited since March 2024 to install a variant of the Mirai malware. The AVM1203 is no longer sold or supported, meaning no updates are available to address this issue. The attacks have been observed targeting various organizations, although there is no evidence that the attackers are monitoring video feeds from the compromised cameras. The vulnerability is exploited through a command injection flaw in the camera's software, specifically in the brightness function of a CGI script. The malware connects to multiple hosts via Telnet and has been linked to other known vulnerabilities. Given the lack of support for the AVM1203, users are advised to replace the device and ensure that all Internet-connected devices are secured with unique credentials.
- A zero-day vulnerability in AVTECH's AVM1203 camera is being exploited to spread Mirai malware.
- The vulnerability allows remote command execution and has been active since March 2024.
- The AVM1203 is no longer supported, leaving users without a fix for the vulnerability.
- Attackers have targeted various organizations but have not been seen monitoring video feeds.
- Users are advised to replace unsupported devices and secure IoT devices with unique credentials.
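Because no patch exists for the AVM1203, the practical defence is to find exposed devices and watch their web-server logs for the command-injection pattern the article describes: shell metacharacters arriving in a CGI parameter that should only ever hold a number. The following is an added example (not from the article, AVTECH, or the Mirai analysis it summarises) of such a log check; the combined log format, the `/cgi-bin/settings.cgi` path, the `brightness` and `contrast` parameter names, and the sample log lines are all constructed assumptions, not the real endpoint or the real exploit request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that start a second shell command or a command substitution.
# A numeric camera setting such as a brightness level should never contain them.
SHELL_META = re.compile(r"[;|&`\n\r]|\$\(")

# Combined log format line (assumption: the device's web server logs in this shape).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(target):
    """Return (name, value) pairs of CGI query parameters carrying shell metacharacters.

    Only requests whose path ends in .cgi are inspected, since that is where the
    article places the injectable brightness handler. parse_qsl percent-decodes
    the values, so an encoded %3B is checked as a literal ';'.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".cgi"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SHELL_META.search(value):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """Scan access-log lines and return one alert per request with a suspicious CGI parameter."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash on noise
        hits = suspicious_params(m.group("target"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "target": m.group("target"),
                "params": hits,
            })
    return alerts


# Constructed sample log: one clean request, one CGI request with an encoded ';',
# one non-CGI request with a pipe (ignored), one CGI request with backticks, one junk line.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2024:10:00:00 +0000] "GET /cgi-bin/settings.cgi?brightness=50 HTTP/1.1" 200 123',
    '10.0.0.9 - - [01/Mar/2024:10:00:07 +0000] "GET /cgi-bin/settings.cgi?brightness=50%3Becho%20x HTTP/1.1" 200 123',
    '10.0.0.7 - - [01/Mar/2024:10:01:00 +0000] "GET /index.html?x=a|b HTTP/1.1" 200 456',
    '10.0.0.12 - - [01/Mar/2024:10:02:00 +0000] "POST /cgi-bin/settings.cgi?contrast=%60true%60 HTTP/1.1" 500 0',
    'not a log line',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ip']} {alert['timestamp']} {alert['target']} -> {alert['params']}")
```

The check is deliberately narrow: it flags only CGI requests, and only values containing characters that would let input escape into a shell, so a brightness value of `50` never trips it. On a real deployment the same logic can be pointed at the device's exported logs or at a reverse proxy in front of the camera; a hit from an unfamiliar source address is a strong signal that the device should be isolated and replaced, as the article advises.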
Related
Telegram zero-day for Android allowed malicious files to masquerade as videos
Researchers found a zero-day exploit in Telegram for Android, named EvilVideo. Telegram fixed it in versions 10.14.5+. Attackers could send malicious files as videos. Exploit sold on forum. Patched version prevents automatic downloads. Threat actor unknown.
The Wild West of Proof of Concept Exploit Code (PoC)
CVE-2024-6387 is a serious unauthenticated remote code execution vulnerability in OpenSSH, with complex exploitation requiring knowledge of system architecture. The exploit code contains malicious elements, emphasizing risks of untrusted code.
Windows 0-day was exploited by North Korea to install advanced rootkit
North Korean hackers exploited a Windows zero-day vulnerability, CVE-2024-38193, to install the undetectable FudModule rootkit, targeting sensitive sectors while Microsoft delayed patching for six months.
New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers linked to China's Volt Typhoon group are exploiting a zero-day vulnerability in Versa Director, urging customers to update systems to prevent potential disruptions to critical U.S. infrastructure.
Hackers infect ISPs with malware that steals customers' credentials
Hackers linked to the Chinese government exploited a zero-day vulnerability in the Versa Director platform, affecting U.S. ISPs, allowing credential capture via malware before hashing. The vulnerability was patched.