Discontinued GeoVision video surveillance products are falling victim to botnet attacks targeting a newly discovered zero-day vulnerability, The Shadowserver Foundation warns.
The issue, tracked as CVE-2024-11120 (CVSS score of 9.8), is described as an OS command injection flaw that can be exploited remotely, without authentication.
“Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device,” a NIST advisory reads.
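To make the bug class in the advisory concrete, here is an added illustration (not GeoVision's code, and not derived from the actual CVE-2024-11120 vulnerability, whose details the advisory does not give): a hypothetical device diagnostics handler that splices an unauthenticated request parameter into a shell command line, beside the hardened form that validates the parameter against an allowlist and passes it as a single argv element with no shell involved. `echo` stands in for the real diagnostic tool so the example runs offline on any POSIX system; the payload and hostnames are constructed.

```python
import re
import subprocess

# Hypothetical device "diagnostics" handler (constructed for this example, not
# GeoVision firmware). `host` arrives from an unauthenticated HTTP parameter.
# `echo` stands in for a real tool such as ping so the example runs offline.


def diagnose_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted text spliced into a shell command line.

    With shell=True the shell parses metacharacters (; | && $()), so a value
    such as "10.0.0.1; id" runs a second, attacker-chosen command.
    """
    cmd = f"echo ping {host}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Hostnames/IPs: letters, digits, dots and hyphens only, no shell metacharacters.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]{0,252}")


def diagnose_hardened(host: str) -> str:
    """Hardened form: allowlist validation plus no shell at all."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    # argv list, no shell: the parameter is one argument and is never re-parsed.
    result = subprocess.run(
        ["echo", "ping", host], capture_output=True, text=True, check=True
    )
    return result.stdout


def diagnose_argv_only(host: str) -> str:
    """Second layer shown on its own: even with no validation, an argv list
    passes metacharacters through as literal text instead of executing them."""
    result = subprocess.run(
        ["echo", "ping", host], capture_output=True, text=True, check=True
    )
    return result.stdout


def injection_executes(handler, marker: str = "INJECTED") -> bool:
    """True if the attacker's appended command actually ran inside `handler`."""
    payload = f"10.0.0.1; echo {marker}"  # constructed injection payload
    try:
        out = handler(payload)
    except ValueError:
        return False
    # If the second command executed, the marker appears on a line of its own;
    # if the payload was merely echoed back as text, it does not.
    return marker in out.splitlines()


if __name__ == "__main__":
    for fn in (diagnose_vulnerable, diagnose_argv_only, diagnose_hardened):
        print(f"{fn.__name__}: injection executes = {injection_executes(fn)}")
```

Both layers matter in practice: the allowlist rejects the hostile input outright, and dropping the shell means that even a value which slips past validation cannot be interpreted as more than one argument. The vulnerable form is exactly what makes an unauthenticated, remotely reachable parameter into remote code execution on the device.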
The security defect was discovered by Piotr Kijewski of The Shadowserver Foundation, who verified it in collaboration with Taiwan CERT and GeoVision prior to public disclosure.
“Moreover, this vulnerability has already been exploited by attackers, and we have received related reports,” Taiwan CERT notes in an advisory.
GeoVision product models confirmed to be vulnerable include GV-VS12 and GV-VS11 video servers, GV-DSP_LPR_V3 license plate capture systems, and GVLX 4 V2 and GVLX 4 V3 DVRs, Taiwan CERT says.
Because all five product models have reached End-of-Life (EoL) status and are no longer supported, no security patch will be released for them.
Both The Shadowserver Foundation and Taiwan CERT recommend that users of the affected models replace them as soon as possible.
“If you run a vulnerable EoL version, please remove [it] from the Internet and replace it,” The Shadowserver Foundation warned on Friday.
The organization has observed roughly 17,000 GeoVision devices exposed to the internet, about half of them in the US.