{"uuid": "492957cb-9195-44ea-bab5-fcaa66c09c4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7029", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1236", "content": "\ud83d\udccd \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc #\u062a\u0632\u0631\u06cc\u0642_\u0641\u0631\u0645\u0627\u0646 \u062f\u0631 #\u062f\u0648\u0631\u0628\u06cc\u0646\u200c\u0647\u0627\u06cc_IP #AVTECH\n\n\u0645\u0631\u06a9\u0632 #\u0627\u0645\u0646\u06cc\u062a_\u0633\u0627\u06cc\u0628\u0631\u06cc \u0648 #\u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u200c\u0647\u0627\u06cc_\u0645\u0647\u0645 \u0622\u0645\u0631\u06cc\u06a9\u0627 (CISA) \u062f\u0631 \u06af\u0632\u0627\u0631\u0634 \u0627\u062e\u06cc\u0631 \u062e\u0648\u062f (ICSA-24-214-07) \u0628\u0647 \u06cc\u06a9 #\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0633\u06cc\u0627\u0631 \u062c\u062f\u06cc \u062f\u0631 \u062f\u0648\u0631\u0628\u06cc\u0646\u200c\u0647\u0627\u06cc IP \u0634\u0631\u06a9\u062a AVTECH \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 #\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f \u0648 #\u06a9\u0646\u062a\u0631\u0644_\u06a9\u0627\u0645\u0644 \u062f\u0633\u062a\u06af\u0627\u0647 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f.\n\n\u0634\u0631\u062d \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc:\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc #\u062a\u0632\u0631\u06cc\u0642_\u0641\u0631\u0645\u0627\u0646 (CVE-2024-7029) \u062f\u0631 \u0642\u0627\u0628\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u062f\u0648\u0631\u0628\u06cc\u0646\u200c\u0647\u0627\u06cc IP AVTECH \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u0628\u062f\u0648\u0646 \u0646\u06cc\u0627\u0632 \u0628\u0647 #\u0627\u062d\u0631\u0627\u0632_\u0647\u0648\u06cc\u062a\u060c \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0645\u062e\u0631\u0628 \u0631\u0627 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u062a\u0632\u0631\u06cc\u0642 \u06a9\u0646\u0646\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u0648\u06cc\u0698\u0647 \u062f\u0631 \u0645\u062f\u0644 AVM1203 \u0628\u0627 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc #\u0641\u0631\u06cc\u0645\u0648\u0631 \u0642\u062f\u06cc\u0645\u06cc\u200c\u062a\u0631 \u0627\u0632 FullImg-1023-1007-1011-1009 \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u067e\u06cc\u0627\u0645\u062f\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc:\n\u0628\u0627 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f:\n\n#\u0627\u062c\u0631\u0627\u06cc_\u06a9\u062f_\u062f\u0644\u062e\u0648\u0627\u0647: \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u06a9\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u062e\u0648\u062f \u0631\u0627 \u0628\u0631 \u0631\u0648\u06cc \u062f\u0633\u062a\u06af\u0627\u0647 \u0627\u062c\u0631\u0627 \u06a9\u0631\u062f\u0647 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0622\u0646 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f.\n#\u0631\u062f\u06cc\u0627\u0628\u06cc_\u0648_\u0646\u0638\u0627\u0631\u062a: \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u062f\u0648\u0631\u0628\u06cc\u0646 \u0628\u0631\u0627\u06cc \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0645\u062d\u06cc\u0637 \u0648 \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f.\n#\u0627\u0646\u06a9\u0627\u0631_\u0633\u0631\u0648\u06cc\u0633: \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc \u0632\u06cc\u0627\u062f \u0628\u0647 \u062f\u0648\u0631\u0628\u06cc\u0646\u060c \u0622\u0646 \u0631\u0627 \u0627\u0632 \u06a9\u0627\u0631 \u0628\u06cc\u0627\u0646\u062f\u0627\u0632\u0646\u062f.\n\n\u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc:\n\u0633\u0627\u0632\u0645\u0627\u0646 CISA \u0628\u0647 \u0634\u062f\u062a \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u06cc\u0646 \u062f\u0648\u0631\u0628\u06cc\u0646\u200c\u0647\u0627\u060c \u0628\u0647 \u0633\u0631\u0639\u062a \u0628\u0647 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u062c\u062f\u06cc\u062f\u062a\u0631 \u0648 \u0627\u06cc\u0645\u0646\u200c\u062a\u0631 \u0641\u0631\u06cc\u0645\u0648\u0631 \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u0646\u062f. \u062f\u0631 \u0635\u0648\u0631\u062a \u0639\u062f\u0645 \u0627\u0631\u0627\u0626\u0647 #\u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u062a\u0648\u0633\u0637 \u0634\u0631\u06a9\u062a AVTECH\u060c \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0632\u06cc\u0631 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f:\n\n#\u062c\u062f\u0627_\u06a9\u0631\u062f\u0646_\u0627\u0632_\u0634\u0628\u06a9\u0647: \u062a\u0627 \u062d\u062f \u0627\u0645\u06a9\u0627\u0646 \u062f\u0648\u0631\u0628\u06cc\u0646 \u0631\u0627 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0627\u0635\u0644\u06cc \u062c\u062f\u0627 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0634\u0628\u06a9\u0647 \u0627\u06cc\u0632\u0648\u0644\u0647 \u0628\u0647 \u0622\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f.\n#\u062a\u063a\u06cc\u06cc\u0631_\u0631\u0645\u0632_\u0639\u0628\u0648\u0631: \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u062f\u0648\u0631\u0628\u06cc\u0646 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0648 \u0627\u0632 \u0631\u0645\u0632\u0647\u0627\u06cc \u0639\u0628\u0648\u0631 \u0642\u0648\u06cc \u0648 \u0645\u0646\u062d\u0635\u0631 \u0628\u0647 \u0641\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.\n#\u0628\u0633\u062a\u0646_\u067e\u0648\u0631\u062a\u200c\u0647\u0627\u06cc_\u063a\u06cc\u0631\u0636\u0631\u0648\u0631\u06cc: \u067e\u0648\u0631\u062a\u200c\u0647\u0627\u06cc \u063a\u06cc\u0631\u0636\u0631\u0648\u0631\u06cc \u0631\u0627 \u0628\u0631 \u0631\u0648\u06cc \u062f\u0648\u0631\u0628\u06cc\u0646 \u0628\u0628\u0646\u062f\u06cc\u062f.\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 #\u0641\u0627\u06cc\u0631\u0648\u0627\u0644: \u0627\u0632 \u06cc\u06a9 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0627\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0627\u0632 \u062f\u0648\u0631\u0628\u06cc\u0646 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u062d\u0645\u0644\u0627\u062a \u062e\u0627\u0631\u062c\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07\n\n\ud83d\udccd #Critical #CommandInjection #Vulnerability in #AVTECH #IP_Cameras\n\nThe #Cybersecurity and #Infrastructure_Security_Agency (#CISA) has reported a highly critical vulnerability in AVTECH IP cameras in its recent advisory (ICSA-24-214-07). This vulnerability allows #attackers to execute arbitrary commands on the system and gain full control of the device.\n\nVulnerability Description:\nThe command injection vulnerability (CVE-2024-7029) exists in the capabilities of AVTECH IP cameras, allowing attackers to inject malicious commands into the system without #authentication. This vulnerability is particularly observed in the AVM1203 model with #firmware versions older than FullImg-1023-1007-1011-1009.\n\nSecurity Implications:\nBy exploiting this vulnerability, attackers can:\n\n- Execute Arbitrary Code: Run malicious code on the device and gain complete control.\n- Surveillance and Monitoring: Use the camera for monitoring the environment and collecting information.\n- Denial of Service (DoS): Overload the camera with numerous requests, rendering it inoperative.\n\nSecurity Recommendations:\nCISA strongly advises users of these cameras to promptly upgrade to newer and more secure firmware versions. If updates are not provided by AVTECH, the following actions are recommended:\n\n- Network Isolation: Disconnect the camera from the main network and access it through an isolated network whenever possible.\n- Change Default Passwords: Update the default camera passwords to strong, unique passwords.\n- Close Unnecessary Ports: Close any unnecessary ports on the camera.\n- Use a Firewall: Implement a firewall to protect the camera from external attacks.\n\n\ud83d\udd17 To read the full article, visit:\n\n\ud83c\udf10 https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07", "creation_timestamp": "2024-08-06T15:41:06.000000Z"}