9.8
CRITICAL
CVE-2024-7029
Apache Router Command Injection
Description

Commands can be injected over the network and executed without authentication.

INFO

Published Date :

Aug. 2, 2024, 3:16 p.m.

Last Modified :

Sept. 17, 2024, 1:30 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2024-7029 has a 6 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-7029 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Avtech avm1203_firmware
2 Avtech avm1203
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-7029.

URL Resource
https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt Exploit Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07 Third Party Advisory US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

A PoC exploit for the CVE-2024-7029 vulnerability found in AvTech devices, allowing Remote Code Execution (RCE)

Python

Updated: 1 month, 2 weeks ago
8 stars 1 fork 1 watcher
Born at : Oct. 8, 2024, 10:04 a.m. This repo has been linked 1 different CVEs too.

A PoC tool for exploiting CVE-2024-7029 in AvTech devices, enabling RCE, vulnerability scanning, and an interactive shell.

abdal-security-group ebrasha avtech cctv exploit poc cve-2024-7029 remote-code-execution

C#

Updated: 1 month ago
5 stars 3 fork 3 watcher
Born at : Sept. 2, 2024, 10:16 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 months, 1 week ago
7 stars 2 fork 2 watcher
Born at : Aug. 30, 2024, 7:58 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 months, 3 weeks ago
1 stars 1 fork 1 watcher
Born at : Aug. 29, 2024, 4:52 p.m. This repo has been linked 1 different CVEs too.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 2 weeks, 1 day ago
548 stars 35 fork 35 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1228 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 2 weeks, 1 day ago
6566 stars 1140 fork 1140 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 958 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-7029 vulnerability anywhere in the article.

  • The Cyber Express
Cyble Sensors Uncover Cyberattacks on Java Framework and IoT Devices

Cyble vulnerability intelligence unit has shared a report, detailing the recent cyberattacks on the Spring Java framework and hundreds of thousands of Internet of Things (IoT) devices. The report shed ... Read more

Published Date: Oct 23, 2024 (1 month, 4 weeks ago)
  • The Cyber Express
Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Sophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt Strike to Infiltrate APAC

Overview of the attack chain | Image: Trend MicroIn a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potenti ... Read more

Published Date: Sep 19, 2024 (3 months ago)
  • security.nl
'38.000 end-of-life ip-camera's fabrikant AVTech benaderbaar vanaf internet'

Zo'n 38.000 ip-camera's van fabrikant AVTech die end-of-life zijn, en daardoor geen beveiligingsupdates meer ontvangen, zijn vanaf internet benaderbaar. Dat stelt securitybedrijf Censys. Eind augustus ... Read more

Published Date: Sep 09, 2024 (3 months, 1 week ago)
  • Cybersecurity News
North Korea Targets DeFi and Crypto Companies with Advanced Social Engineering Attacks

Please enable JavaScriptThe FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to infiltrate decentralized finance (DeFi) and c ... Read more

Published Date: Sep 05, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
CVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC Published

Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified ... Read more

Published Date: Sep 04, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Researcher Identifies ToddyCat-Inspired APT Attack Leveraging ICMP Backdoor and Microsoft Exchange Flaws

Image: KasperskyCybersecurity researchers at Kaspersky’s Global Emergency Response Team (GERT) have uncovered a sophisticated attack involving an ICMP backdoor, bearing striking similarities to the ta ... Read more

Published Date: Sep 04, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
AISURU Botnet Identified in Massive DDoS Attack on Steam

A massive, coordinated DDoS attack disrupted Steam services globally and the Perfect World Esports platform in China on the weekend of August 24-26, coinciding with the launch of the highly anticipate ... Read more

Published Date: Sep 02, 2024 (3 months, 2 weeks ago)
  • The Register
Check your IP cameras: There's a new Mirai botnet on the rise

in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) ... Read more

Published Date: Aug 31, 2024 (3 months, 3 weeks ago)
  • Cybersecurity News
Google TAG Uncovers Watering Hole Attacks on Mongolian Government Websites

In a revealing report, Google’s Threat Analysis Group (TAG) has uncovered a series of sophisticated watering hole attacks targeting Mongolian government websites between November 2023 and July 2024. T ... Read more

Published Date: Aug 31, 2024 (3 months, 3 weeks ago)
  • The Cyber Express
Massive Mirai Botnet Exploited Zero-Day Vulnerability in AVTECH Cameras

Researchers have discovered a botnet campaign that is exploiting several vulnerabilities, including a zero-day vulnerability (CVE-2024-7029) in AVTECH closed-circuit television (CCTV) cameras that cou ... Read more

Published Date: Aug 30, 2024 (3 months, 3 weeks ago)
  • BleepingComputer
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

Image: Midjourney The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not ... Read more

Published Date: Aug 29, 2024 (3 months, 3 weeks ago)
  • The Hacker News
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in quest ... Read more

Published Date: Aug 29, 2024 (3 months, 3 weeks ago)
  • security.nl
AVTech ip-camera's al maandenlang via beveiligingslek besmet met malware

Een vijf jaar oude kwetsbaarheid in ip-camera's van fabrikant van AVTech wordt al maandenlang door criminelen gebruikt om de apparaten met malware te infecteren. Volgens internetbedrijf Akamai gaat he ... Read more

Published Date: Aug 29, 2024 (3 months, 3 weeks ago)
  • Cybersecurity News
Mirai Botnet Exploits Zero-Day Vulnerability CVE-2024-7029 in AVTECH IP Cameras

Akamai’s Security Intelligence Response Team (SIRT) has discovered a widespread Mirai botnet campaign exploiting a recently disclosed zero-day vulnerability (CVE-2024-7029) in AVTECH IP cameras. The v ... Read more

Published Date: Aug 29, 2024 (3 months, 3 weeks ago)
  • Ars Technica
Unpatchable 0-day in surveillance cam is being exploited to install Mirai

MIRAI STRIKES AGAIN — Vulnerability is easy to exploit and allows attackers to remotely execute commands. Malicious hackers are exploiting a critical vulnerability in a widely used security camera ... Read more

Published Date: Aug 28, 2024 (3 months, 3 weeks ago)
  • Dark Reading
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

Source: David Warren via Alamy Stock Photo Industrial control systems and critical infrastructure operators are being warned about a campaign leveraging a known zero-day vulnerability in remote monito ... Read more

Published Date: Aug 28, 2024 (3 months, 3 weeks ago)
  • Cybersecurity News
Critical Flaw Discovered in Popular Python Library Pandas

Information Stealer Malware on the Rise: ACSC Issues Urgent Cybersecurity WarningThe Australian Cyber Security Centre (ACSC) has issued a warning about the escalating threat of information stealer mal ... Read more

Published Date: Aug 26, 2024 (3 months, 3 weeks ago)
  • security.nl
VS waarschuwt voor actief misbruik van beveiligingslek in AVTech ip-camera

Het cyberagentschap van de Amerikaanse overheid waarschuwt voor actief misbruik van een kritieke kwetsbaarheid in een ip-camera van fabrikant AVTech en een beveiligingsupdate is niet beschikbaar. Het ... Read more

Published Date: Aug 02, 2024 (4 months, 2 weeks ago)

The following table lists the changes that have been made to the CVE-2024-7029 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 17, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt No Types Assigned https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt Exploit, Third Party Advisory
    Changed Reference Type https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07 No Types Assigned https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07 Third Party Advisory, US Government Resource
    Added CPE Configuration AND OR *cpe:2.3:o:avtech:avm1203_firmware:*:*:*:*:*:*:*:* versions up to (including) fullimg-1023-1007-1011-1009 OR cpe:2.3:h:avtech:avm1203:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Aug. 30, 2024

    Action Type Old Value New Value
    Added Reference ICS-CERT https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt [No types assigned]
  • CVE Received by [email protected]

    Aug. 02, 2024

    Action Type Old Value New Value
    Added Description Commands can be injected over the network and executed without authentication.
    Added Reference ICS-CERT https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07 [No types assigned]
    Added CWE ICS-CERT CWE-77
    Added CVSS V3.1 ICS-CERT AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V4.0 ICS-CERT CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-7029 is associated with the following CWEs:

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability