A botnet exploits e GeoVision zero-day to compromise EoL devices
2024-11-17 12:52:41 Author: securityaffairs.com(查看原文) 阅读量:17 收藏

A botnet exploits e GeoVision zero-day to compromise EoL devices

Pierluigi Paganini November 17, 2024

A botnet employed in DDoS or cryptomining attacks is exploiting a zero-day in end-of-life GeoVision devices to grow up.

Researchers at the Shadowserver Foundation observed a botnet exploiting a zero-day in GeoVision EOL (end-of-Life) devices to compromise devices in the wild. The GeoVision zero-day, tracked as CVE-2024-11120 (CVSS 9.8), is a pre-auth command injection vulnerability that was discovered by Shadowserver Foundation and verified with the help of TWCERT.

The vulnerability impacts the following EoL products:

  • GV-VS12
  • GV-VS11
  • GV-DSP_LPR_V3
  • GVLX 4 V2
  • GVLX 4 V3

“Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.” reads the advisory published by TWCERT. “Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.”

The botnet was used to carry out DDoS or cryptomining attacks.

According to Shadowserver Foundation, there are approximately 17,000 Internet-facing GeoVision devices vulnerable to the CVE-2024-11120 zero-day.

https://twitter.com/Shadowserver/status/1857356338747040225

Most of the exposed devices are based in the United States (9,179), followed by Germany (1,652), Taiwan (792), and Canada (784).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cryptomining)




文章来源: https://securityaffairs.com/171067/malware/ddos-botnet-exploits-geovision-zero-day.html
如有侵权请联系:admin#unsafe.sh