Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities...

Exploit for Command Injection in Avtech Avm1203_Firmware

EN GenAvTechRCEExploit A PoC exploit for the CVE-2024-7029...

Exploit for Command Injection in Avtech Avm1203_Firmware

PoC tool for exploiting CVE-2024-7029 in AvTech devices 🎤...

AVTECH 744 DVR Account Information Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVTECH 744 DVR Account Information Retrieval', 'Description' = %q This module will extract the account information from the AVTECH 744 DVR device...

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...

The vulnerability of the microprogrammed software of AVTECH AVM1203 lies in the lack of measures taken to neutralize the special elements used in the operating system commands. This allows a intruder to gain full access to the device.

The vulnerability of the IP camera software of AVTECH AVM1203 is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a remote attacker to gain full access to the device...

CVE-2024-7029 Command Injection in AVTech AVM1203 (IP Camera)

Commands can be injected over the network and executed without authentication...

CVE-2024-7029 Command Injection in AVTech AVM1203 (IP Camera)

Commands can be injected over the network and executed without authentication...

AVTECH IP camera 命令注入漏洞

AVTECH IP camera is a series of network security cameras from AVTECH. AVTECH IP camera suffers from a command injection vulnerability that originates from commands that can be injected over the network and executed without authentication...

CVE-2024-7029

Commands can be injected over the network and executed without authentication. Recent assessments: ccondon-r7 at September 17, 2024 11:39pm UTC reported: TL;DR: Unpatched command injection vulnerability in an end-of-life IP camera, being exploited to drop a Mirai botnet malware variant. Public Po...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnso...

AVTECH IP camera

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : AVTECH SECURITY Corporation Equipment : IP camera Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this...

PT-2024-5360

Name of the Vulnerable Software and Affected Versions AVTECH AVM1203 versions prior to the latest supported version AVTECH IP cameras affected versions not specified Description The issue is related to a command injection vulnerability found in the brightness function of AVTECH closed-circuit...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

AVTECH Room Alert 4E v4.4.0 is affected by a Sensor Settings vulnerability that allows an attacker to access SMTP credentials in plaintext via a crafted AJAX request. This affects devices no longer supported by the maintainer. CVSSv3.1: 7.2 (HIGH) with Network attack vector, low complexity, requi...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33470

The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...