Saturday, January 25, 2025
HomeCVE/vulnerabilityMillions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability...

Millions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability Including Internet Connected Cameras

Published on

SIEM as a Service

Follow Us on Google News

A New Vulnerability called  “Devil’s Ivy” Discovered that infected Tens of Millions of IoT Devices which leads to Remotely Execute the code in IoT’s including cameras and Card Readers.

A stack Buffer over Flow Vulnerability  Presented in the many IoT Devices that cause Devil’s Ivy results in remote code execution and open source third-party code library found from gSOAP

This RCE Flow Tested in Axis Security Cameras and later Researchers Found that Devil’s Ivy is present in 249 distinct camera models.

Also Read Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

It allows an attacker to remotely control the infected security cameras and leads to collect the sensitive information since this Axis security Cameras Deployed in many area including Airports,Banks etc.

gSOAP  Support  Services are Affected

gSOAP is a widely used web services toolkit and many developers used gSOAP as as part of a software stack to enable devices of all kinds to talk to the internet.

This RCE Flow presented deeply in communication layer in an open source third-party toolkit called gSOAP  (Simple Object Access Protocol).

Software or device manufacturers who used gSOAP to support their services are affected by Devil’s Ivy Flow.

gSOAP Managed by a company called Genivia claimed that more than  1M downloads of gSOAP including giant customers such as IBM, Microsoft, Adobe and Xerox.

Devil’s Ivy Flow in Axis Camera Model 

Since Axis Camera Models are highly infected IoT that claims Devil’s Ivy is present in 249 distinct camera models it goes far beyond Axis.

“Axis explained the Risk Assessment, The risk for an Axis product installed protected behind a firewall or isolated network is limited. An adversary must have network access to the camera to exploit the vulnerability.”

Demonstration of Devil’s Ivy on the Axis M3004 security camera

ONVIF forum, an organization responsible maintaining software and networking protocols said, Axis is in the company that uses in a wide range of physical security products and reported that approximately 6% of the forum members use gSOAP.

Also Read IoT Botnet is Spreading over HTTP Port 81 Exploiting Security Cameras

Report claims that tens of millions of products software products and connected devices are affected by Devil’s Ivy to some degree.

This “Devil’s Ivy” Flow was reported to Genivia and patch was immediately released.

To Read full technical Analysis visit te Technical Analysis Blog post.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

370+ Ivanti Connect Secure Exploited Using 0-Day Vulnerability

A major cybersecurity incident has come to light, with more than 370 Ivanti Connect...

Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released

Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE)...