Support expired: Attacks on Avtech IP camera observed
The Corona Mirai botnet is currently attacking the AVM1203 IP camera from Avtech. The camera is used in public facilities and industrial plants.
Because support expired five years ago, the AVM1203 IP camera from Avtech no longer receives security updates. Now IT security researchers from Akamai are warning of attacks.
Malicious code vulnerability
In a report, the researchers state that the camera is used worldwide for surveillance in public institutions and critical infrastructure, among other places. If attackers successfully exploit the vulnerability (CVE-2024-7029, rated "high"), they can execute malicious code remotely. It is not clear from the researchers' description whether attackers can spread further in the network after a successful attack.
The vulnerability concerns the camera's brightness function, where attackers can use certain commands to initiate an attack. The researchers explain further details in their report. The attacks are said to originate from the Corona Mirai botnet.
No help in sight
As there will be no security update for the IP camera, admins should consider replacing it. If this is not an option, they should seal off the device with firewall rules for security reasons. In addition, the camera should not be publicly accessible via the Internet in order to reduce the attack surface. If external access is essential, this should be via a secure VPN connection.
The extent of the attacks is currently unknown. To help admins recognize attacks, the researchers list various indicators of compromise (IoCs) at the end of their article. These include IP addresses from which attacks originate and hash values of the malware.
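As an added example (not from the researchers' report or from this article), the following script triages firewall flow logs for traffic between the camera and IoC addresses, for inbound access allowed from outside the VPN, and for connections the camera itself initiates. The log format, every IP address, the VPN range and the IoC set are constructed placeholders, and it assumes the camera has no reason to open connections outside the VPN range; substitute the addresses from the report.

```python
import ipaddress

# All values below are constructed placeholders (RFC 1918 / RFC 5737 ranges).
CAMERA = ipaddress.ip_address("10.20.0.15")      # the unsupported camera
VPN_NET = ipaddress.ip_network("10.99.0.0/24")   # only clients allowed to reach it
IOC_IPS = {ipaddress.ip_address(a) for a in (    # replace with the report's IoC IPs
    "203.0.113.7", "198.51.100.23")}

# Constructed flow-log sample, assumed format: "<time> <src> <dst> <dport> <action>"
SAMPLE_LOG = """\
2024-09-02T08:00:01Z 10.99.0.4 10.20.0.15 443 ALLOW
2024-09-02T08:03:12Z 203.0.113.7 10.20.0.15 80 ALLOW
2024-09-02T08:03:15Z 10.20.0.15 198.51.100.23 6667 ALLOW
2024-09-02T08:04:40Z 10.20.0.15 192.0.2.50 23 DENY
2024-09-02T08:05:00Z 192.0.2.99 10.20.0.15 80 DENY
2024-09-02T08:06:00Z 10.99.0.4 10.30.0.2 22 ALLOW
garbage line
"""

def triage(log_text):
    """Return (line_no, reasons) for every camera flow that needs review."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        try:
            _, src, dst, _dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed line: wrong field count or bad address
        if CAMERA not in (src, dst):
            continue  # flow does not involve the camera
        peer = dst if src == CAMERA else src
        reasons = []
        if peer in IOC_IPS:
            reasons.append("ioc-peer")
        if src == CAMERA and peer not in VPN_NET:
            reasons.append("camera-initiated-outbound")  # flagged even if denied
        if dst == CAMERA and peer not in VPN_NET and action == "ALLOW":
            reasons.append("inbound-allowed-from-outside-vpn")
        if reasons:
            findings.append((no, reasons))
    return findings

if __name__ == "__main__":
    for no, reasons in triage(SAMPLE_LOG):
        print(no, ", ".join(reasons))
```

A denied outbound attempt from the camera is still reported, because the firewall blocking it does not change what the attempt says about the device.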
Vulnerability in Mirai botnet
Meanwhile, other IT researchers have discovered a vulnerability in the Mirai botnet. The drones with code versions up to August 19, 2024 do not correctly handle TCP connections to their command-and-control servers. As a result, unauthenticated sessions remain open and consume resources, they explain in an official CVE entry with the number CVE-2024-45163. It is extremely unusual for malware to receive an official vulnerability entry in the NIST database.
(des)