A botnet exploits a GeoVision zero-day to compromise EoL devices

A botnet employed in DDoS or cryptomining attacks is exploiting a zero-day in end-of-life GeoVision devices to grow.

Researchers at the Shadowserver Foundation observed a botnet exploiting a zero-day in GeoVision EoL (end-of-life) devices to compromise devices in the wild. The GeoVision zero-day, tracked as CVE-2024-11120 (CVSS 9.8), is a pre-auth command injection vulnerability that was discovered by Shadowserver Foundation and verified with the help of TWCERT.

The vulnerability impacts the following EoL products:

* GV-VS12
* GV-VS11
* GV-DSP_LPR_V3
* GVLX 4 V2
* GVLX 4 V3

*‘Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.’ reads the [advisory](https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html) published by TWCERT. ‘Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.’*

The botnet was used to carry out DDoS or cryptomining attacks.

According to Shadowserver Foundation, there are [approximately 17,000 Internet-facing GeoVision devices](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-11-14&vendor=geovision&geo=all&data_set=count&scale=log) vulnerable to the CVE-2024-11120 zero-day.

https://twitter.com/Shadowserver/status/1857356338747040225

Most of the exposed devices are based in the United States (9,179), followed by Germany (1,652), Taiwan (792), and Canada (784).

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559) ([**SecurityAffairs**](http://securityaffairs.co/wordpress/) – hacking, [cryptomining](https://securityaffairs.com/130470/cyber-crime/lemon_duck-cryptomining-botnet-targets-docker.html))

Related Tags:

NAICS: 921 – Executive, Legislative, Other General Government Support

NAICS: 54 – Professional, Scientific, Technical Services

NAICS: 334 – Computer And Electronic Product Manufacturing

NAICS: 541 – Professional, Scientific, Technical Services

NAICS: 92 – Public Administration

NAICS: 33 – Manufacturing – Metal, Electronics And Other

Blog: Security Affairs

Exploit Public-Facing Application

Exploitation for Privilege Escalation
