Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks.

The flaw is tracked as CVE-2024-11120 and was discovered by Piotr Kijewski of The Shadowserver Foundation. It is a critical-severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute arbitrary system commands on the device.

“Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device,” warns Taiwan’s CERT.

“Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.”

According to TWCERT, the vulnerability impacts the following device models:

  • GV-VS12: A 2-channel H.264 video server that converts analog video signals into digital streams for network transmission.
  • GV-VS11: A single-channel video server designed to digitize analog video for network streaming.
  • GV-DSP LPR V3: A Linux-based system dedicated to license plate recognition (LPR).
  • GV-LX4C V2 / GV-LX4C V3: Compact digital video recorders (DVRs) designed for mobile surveillance applications.

All of these models have reached the end of life and are no longer supported by the vendor, so no security updates are expected.

Threat monitoring platform The Shadowserver Foundation reports that approximately 17,000 GeoVision devices are exposed online and are vulnerable to the CVE-2024-11120 flaw.

Kijewski told BleepingComputer that the botnet appears to be a Mirai variant, which is usually used as part of DDoS platforms or to perform cryptomining.

Most of the exposed devices (9,100) are based in the United States, followed by Germany (1,600), Canada (800), Taiwan (800), Japan (350), Spain (300), and France (250).

Location of exposed GeoVision devices
Source: The Shadowserver Foundation

In general, signs of botnet compromise include devices heating excessively, becoming slow or unresponsive, and having their configuration arbitrarily changed.

If you notice any of these symptoms, perform a device reset, change the default admin password to something strong, turn off remote access panels, and place the device behind a firewall.

Ideally, these devices should be replaced with actively supported models, but if that’s impossible, they should be isolated on a dedicated LAN or subnet and closely monitored.

Bill Toulas
