Title
By Netvora Tech News
Akamai Discloses Active Exploitation of GeoVision IoT Devices Akamai, a leading internet infrastructure company, has disclosed that attackers are actively exploiting two vulnerabilities in GeoVision's Internet of Things (IoT) devices. The vulnerabilities, identified as CVE-2024-6047 and CVE-2024-11120, allow an unauthenticated attacker to remotely execute commands on the device and take control of it. The impacted devices, which are no longer receiving security updates, include ip-camera's, video servers, and an ANPR system for reading license plates. The Taiwanese Computer Emergency Response Team (TWCERT) warned about these vulnerabilities in June and November of last year, advising owners to replace the systems. However, TWCERT and The Shadowserver Foundation reported that the CVE-2024-11120 vulnerability had already been exploited. Akamai has now confirmed that a Mirai-based botnet is using the vulnerabilities to infect devices and conduct DDoS attacks. The botnet can then use infected devices to search for other vulnerable machines. Akamai advises owners of the vulnerable GeoVision devices to upgrade to a newer model that still receives support.
Impact and Exploitation
The impact of both vulnerabilities has been rated 9.8 out of 10, indicating a high severity. The vulnerabilities allow attackers to remotely execute commands on the device, giving them full control over the system. Akamai notes that exploitation of the vulnerabilities has been active, but did not provide further details.Recommendations
Akamai advises owners of the vulnerable GeoVision devices to take immediate action to secure their systems. The recommended course of action is to upgrade to a newer model that still receives support. Additionally, users are advised to:- Discontinue use of the vulnerable devices
- Replace the devices with newer models that still receive support
- Implement additional security measures to protect against future attacks
Comments (0)
Leave a comment