Thursday, May 15, 2025
HomeCVE/vulnerabilityMillions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability...

Millions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability Including Internet Connected Cameras

Published on

SIEM as a Service

Follow Us on Google News

A New Vulnerability called  “Devil’s Ivy” Discovered that infected Tens of Millions of IoT Devices which leads to Remotely Execute the code in IoT’s including cameras and Card Readers.

A stack Buffer over Flow Vulnerability  Presented in the many IoT Devices that cause Devil’s Ivy results in remote code execution and open source third-party code library found from gSOAP

This RCE Flow Tested in Axis Security Cameras and later Researchers Found that Devil’s Ivy is present in 249 distinct camera models.

- Advertisement - Google News

Also Read Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

It allows an attacker to remotely control the infected security cameras and leads to collect the sensitive information since this Axis security Cameras Deployed in many area including Airports,Banks etc.

gSOAP  Support  Services are Affected

gSOAP is a widely used web services toolkit and many developers used gSOAP as as part of a software stack to enable devices of all kinds to talk to the internet.

This RCE Flow presented deeply in communication layer in an open source third-party toolkit called gSOAP  (Simple Object Access Protocol).

Software or device manufacturers who used gSOAP to support their services are affected by Devil’s Ivy Flow.

gSOAP Managed by a company called Genivia claimed that more than  1M downloads of gSOAP including giant customers such as IBM, Microsoft, Adobe and Xerox.

Devil’s Ivy Flow in Axis Camera Model 

Since Axis Camera Models are highly infected IoT that claims Devil’s Ivy is present in 249 distinct camera models it goes far beyond Axis.

“Axis explained the Risk Assessment, The risk for an Axis product installed protected behind a firewall or isolated network is limited. An adversary must have network access to the camera to exploit the vulnerability.”

Demonstration of Devil’s Ivy on the Axis M3004 security camera

ONVIF forum, an organization responsible maintaining software and networking protocols said, Axis is in the company that uses in a wide range of physical security products and reported that approximately 6% of the forum members use gSOAP.

Also Read IoT Botnet is Spreading over HTTP Port 81 Exploiting Security Cameras

Report claims that tens of millions of products software products and connected devices are affected by Devil’s Ivy to some degree.

This “Devil’s Ivy” Flow was reported to Genivia and patch was immediately released.

To Read full technical Analysis visit te Technical Analysis Blog post.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...