Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports.
The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet.
The security flaw is a pre-authentication command injection vulnerability, which allows attackers to execute arbitrary commands on vulnerable GeoVision devices without requiring authentication.
This poses a significant risk, enabling malicious actors to compromise devices remotely, and giving them full control over the affected systems.
Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders - Attend Free Webinar
The vulnerability was first reported by Shadowserver Foundation, a respected non-profit organization focused on improving internet security.
In a statement shared on X, Shadowserver confirmed, “We observed a 0-day exploit in the wild used by a botnet targeting GeoVision EOL devices. The pre-auth command injection vulnerability was verified in collaboration with TWCERT & GeoVision & assigned CVE-2024-11120.”
GeoVision, a company known for its video surveillance systems, has since confirmed the existence of the vulnerability in its End-of-Life (EOL) devices, which are no longer receiving security updates.
The collaboration with Shadowserver and Taiwan’s Computer Emergency Response Team (TWCERT) helped verify the issue, but due to the EOL status of many affected devices, patching options remain limited.
Security experts are urging organizations and individuals still using legacy GeoVision devices to take immediate action.
Recommended steps include disconnecting the devices from the internet if updates cannot be applied, segmenting the network, and replacing outdated hardware with more secure alternatives.
The botnet responsible for exploiting CVE-2024-11120 is actively targeting vulnerable devices to expand its network, posing a threat to both individuals and organizations globally.
Additional information on mitigations and workarounds is expected to be shared by relevant authorities in the coming days.
Simplify and speed up Threat Analysis Workflow by Auto-detonating Cyber Attacks in a Malware sandbox
Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured on-premises…
Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific versions…
Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing…
A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking AI…
A serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282, which enables…
Let’s Encrypt has announced plans to introduce six-day certificate options and support for IP address…