A security camera from Taiwanese manufacturer AVTECH contains a vulnerability that enables the spread of Mirai malware for botnets.
According to Akamai researchers, an outdated AVTECH camera provides an ideal source for spreading the infamous Mirai malware, which is used to set up botnets. The camera at issue is the AVTECH AVM1203 dome camera. The vulnerability in the IP camera was discovered after researchers set up several honeypots posing as this type of camera.
Akamai said the zero-day vulnerability found in the camera, CVE-2024-7029, has been around for five years and has been actively exploited since March of this year. It involves a vulnerability in the brightness functionality that enables command injection.
Install Corona Mirai
Hackers exploited this vulnerability to execute malicious code, specifically to upload and install the Mirai botnet malware variant Corona Mirai.
When this code is executed, the malware connects over Telnet to many hosts on ports 23, 2323 and 37215. It also prints the string “Corona” on the console of an infected host.
In addition, the Corona Mirai malware also targets other vulnerabilities, such as a Hadoop YARN RCE (CVE-2014-8361) and CVE-2017-17215.
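A defender's view of the connection behaviour described above, as an added example that is not from Akamai or the original article: it scans flow records for a camera-segment host that contacts many distinct outside hosts on ports 23, 2323 and 37215 within a short window. The record format, the 10.20.0.0/24 camera subnet, the thresholds and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Destination ports the article lists for Corona Mirai's outbound connections.
CORONA_PORTS = {23, 2323, 37215}

# Constructed flow records, "epoch_seconds src_ip dst_ip dst_port proto".
SAMPLE_FLOWS = (
    # One camera reaching six outside hosts in 25 seconds: should alert.
    [f"{1000 + i * 5} 10.20.0.15 198.51.100.{i + 1} {p} tcp"
     for i, p in enumerate([23, 2323, 37215, 23, 2323, 23])]
    # Six Telnet connections spread over hours: below the rate threshold.
    + [f"{1000 + i * 3600} 10.20.0.18 203.0.113.{i + 1} 23 tcp" for i in range(6)]
    # Busy host on an unrelated port, an internal session, and a malformed line.
    + [f"{1000 + i} 10.20.0.17 203.0.113.{i + 50} 443 tcp" for i in range(8)]
    + ["1010 10.20.0.16 10.20.0.1 23 tcp", "garbage line"]
)

def parse_flow(line):
    """Return (ts, src, dst, port, proto), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]), parts[4].lower())
    except ValueError:
        return None

def find_scanners(lines, camera_net="10.20.0.0/24", window=60, min_targets=5):
    """Map each flagged camera IP to its peak count of distinct outside targets."""
    net = ipaddress.ip_network(camera_net)
    events = defaultdict(list)
    for rec in filter(None, map(parse_flow, lines)):
        ts, src, dst, port, proto = rec
        if proto == "tcp" and port in CORONA_PORTS and src in net and dst not in net:
            events[src].append((ts, dst))
    alerts = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= min_targets:
            alerts[str(src)] = peak
    return alerts

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

The window and target threshold need tuning per network; a camera that legitimately talks to a single management host over Telnet stays below the default.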
The researchers stress that the vulnerability in this IP camera can no longer be patched, as the device is no longer supported. Therefore, they advise companies to replace all cameras of this type to avoid further problems.