Botnet Exploits Zero-Day Vulnerability in End-of-Life GeoVision Devices

411/67 Tuesday, November 19, 2024

Researchers from the Shadowserver Foundation have uncovered a botnet exploiting a zero-day vulnerability in End-of-Life (EoL) GeoVision devices to launch attacks and take control of active systems. The vulnerability, identified as CVE-2024-11120, carries a CVSS score of 9.8 and is classified as a pre-authentication command injection flaw. It was discovered by the Shadowserver Foundation and confirmed with assistance from TWCERT (Taiwan Computer Emergency Response Team). Affected GeoVision products include:

  • GV-VS12
  • GV-VS11
  • GV-DSP_LPR_V3
  • GVLX 4 V2
  • GVLX 4 V3

According to the Shadowserver Foundation, approximately 17,000 GeoVision devices connected to the internet are vulnerable to attacks exploiting CVE-2024-11120. The majority of at-risk devices are located in the United States (9,179 devices), followed by Germany (1,652 devices), Taiwan (792 devices), and Canada (784 devices), indicating significant risk to users of these devices.

Researchers recommend that users of End-of-Life GeoVision devices review their systems and consider upgrading to newer models to mitigate potential threats. Additionally, disabling external access to devices still in use is advised to reduce the likelihood of compromise.

Source: https://securityaffairs.com/171067/malware/ddos-botnet-exploits-geovision-zero-day.html