Categories: CVE/vulnerability

Millions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability Including Internet Connected Cameras

A New Vulnerability called  “Devil’s Ivy” Discovered that infected Tens of Millions of IoT Devices which leads to Remotely Execute the code in IoT’s including cameras and Card Readers.

A stack Buffer over Flow Vulnerability  Presented in the many IoT Devices that cause Devil’s Ivy results in remote code execution and open source third-party code library found from gSOAP

This RCE Flow Tested in Axis Security Cameras and later Researchers Found that Devil’s Ivy is present in 249 distinct camera models.

Also Read Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

It allows an attacker to remotely control the infected security cameras and leads to collect the sensitive information since this Axis security Cameras Deployed in many area including Airports,Banks etc.

gSOAP  Support  Services are Affected

gSOAP is a widely used web services toolkit and many developers used gSOAP as as part of a software stack to enable devices of all kinds to talk to the internet.

This RCE Flow presented deeply in communication layer in an open source third-party toolkit called gSOAP  (Simple Object Access Protocol).

Software or device manufacturers who used gSOAP to support their services are affected by Devil’s Ivy Flow.

gSOAP Managed by a company called Genivia claimed that more than  1M downloads of gSOAP including giant customers such as IBM, Microsoft, Adobe and Xerox.

Devil’s Ivy Flow in Axis Camera Model

Since Axis Camera Models are highly infected IoT that claims Devil’s Ivy is present in 249 distinct camera models it goes far beyond Axis.

“Axis explained the Risk Assessment, The risk for an Axis product installed protected behind a firewall or isolated network is limited. An adversary must have network access to the camera to exploit the vulnerability.”

Demonstration of Devil’s Ivy on the Axis M3004 security camera

ONVIF forum, an organization responsible maintaining software and networking protocols said, Axis is in the company that uses in a wide range of physical security products and reported that approximately 6% of the forum members use gSOAP.

Also Read IoT Botnet is Spreading over HTTP Port 81 Exploiting Security Cameras

Report claims that tens of millions of products software products and connected devices are affected by Devil’s Ivy to some degree.

This “Devil’s Ivy” Flow was reported to Genivia and patch was immediately released.

To Read full technical Analysis visit te Technical Analysis Blog post.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

4 hours ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

7 hours ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

7 hours ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

8 hours ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

8 hours ago

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of unauthorized…

8 hours ago