A new malware botnet is actively exploiting a zero-day vulnerability in end-of-life GeoVision devices, potentially recruiting them for Distributed Denial of Service (DDoS) attacks or cryptomining operations.
The vulnerability, tracked as CVE-2024-11120, is a critical OS command injection flaw caused by improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
According to a security advisory from Taiwan’s CERT, the flaw affects the following models: GV-VS12, GV-VS11, GV-DSP LPR V3, and GV-LX4C V2/V3, all of which have reached end of life and are no longer supported by the manufacturer.
The Shadowserver Foundation reports that approximately 17,000 GeoVision devices remain exposed online, with 9,100 of the vulnerable devices located in the United States, followed by Germany (1,600), Canada (800), Taiwan (800), Japan (350), Spain (300), and France (250).