AVTECH Details

    Organization Logo

    AVTECH

    Taipei299 employees • Technology

    http://www.avtech.com.tw/NetworkCamera.aspx
    Taiwan

    Industry

    Technology

    Security Incidents

    1

    AVTECH is a leading manufacturer of video surveillance equipment, specializing in IP (Internet Protocol) cameras and related technology. Founded in 1996, the company has strived to bring advanced security solutions to the market, focusing on ease of use, reliability, and high-quality video monitoring. AVTECH's products are designed for both residential and commercial applications, offering features such as high-resolution imaging, night vision, and remote viewing capabilities through mobile devices and computers.

    The company's IP cameras are notable for integrating with various security fram...
    Show more

    Security Incidents

    AVTECH Breach of Mar 2024
    Severity Score
    Moderate

    Type

    Zero-Day Exploit

    Summary

    On March 2024, researchers identified a botnet campaign that exploited several vulnerabilities, including a zero-day vulnerability (CVE-2024-7029) in AVTECH closed-circuit television (CCTV) cameras. CVE-2024-7029, a command injection vulnerability in the brightness function of AVTECH IP camera devices, allows for remote code execution with elevated privileges. The vulnerability, affecting firmware versions up to and including AVM1203, was initially observed in March 2024, though the threat actor has been active since December 2023.

    This botnet campaign spreads a Mirai variant with strings re...
    Show more

    Severity

    In March 2024, researchers identified a sophisticated botnet campaign exploiting several vulnerabilities, including a critical zero-day (CVE-2024-7029) in AVTECH CCTV cameras that allowed for remote code execution with elevated privileges. The campaign, which had been active since December 2023, also targeted other significant flaws such as CVE-2014-8361 and CVE-2017-17215, making use of a Mirai variant to compromise older, unpatched systems. Given the extensive use of AVTECH devices across industries, including critical infrastructure, the campaign posed a substantial threat, prompting adviso...
    Show more

    Impact

    The recent botnet campaign exploiting multiple vulnerabilities, including the zero-day CVE-2024-7029 in AVTECH CCTV cameras, was a significant cybersecurity incident. This particular vulnerability allowed attackers to execute remote code with elevated privileges, impacting critical infrastructure entities by integrating the compromised devices into a Mirai variant botnet. Customer data was not directly exposed, but the attack resulted in the compromise of devices across various industries, highlighting the necessity for robust network isolation and secure remote access configurations.

    Althoug...
    Show more

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos