
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to enlist them in a Mirai botnet used to conduct distributed denial-of-service (DDoS) attacks.
The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command injection flaws (CVE-2024-6047 and CVE-2024-11120, CVSS scores: 9.8) that can be used to execute arbitrary system commands.
Akamai researcher Kyle Lefton said in a report shared with The Hacker News, “The exploit targets the /datesting.cgi endpoint in the devices and injects commands into the szsrvipaddr parameter.”
In the attacks detected by the web security and infrastructure company, the botnet has been found injecting commands to download and execute an ARM version of the Mirai malware called LZRD.
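A defender-side check for the requests described above, as an added example that is not from Akamai's report or the original article: it flags HTTP requests to the named endpoint whose szsrvipaddr value contains anything other than hostname or IP characters. The endpoint and parameter are used as spelled on this page; the record format, the function names and the assumption that the field holds a server address are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/datesting.cgi"   # endpoint as spelled on this page
PARAM = "szsrvipaddr"         # parameter as spelled on this page
# Assumption: the parameter carries a server address, so any character
# outside the hostname/IP set (';', '|', '$', spaces, newlines...) is unexpected.
PLAIN_HOST = re.compile(r"[A-Za-z0-9.:-]{0,253}")


def classify(target, body=""):
    """Return 'suspect', 'access' or None for one HTTP request.

    target: request target (path plus query string).
    body:   form-encoded POST body if the proxy/WAF recorded it, else ''.
    """
    url = urlsplit(target)
    if url.path.lower().rstrip("/") != ENDPOINT:
        return None
    # parse_qsl percent-decodes, so %3B and '+' are seen as ';' and ' '.
    fields = parse_qsl(url.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in fields if k.lower() == PARAM]
    # fullmatch (not match + '$') so a trailing newline cannot slip through.
    if any(not PLAIN_HOST.fullmatch(v) for v in values):
        return "suspect"
    return "access"   # endpoint reached, value looks like a plain address


def scan(records):
    """records: iterable of (src_ip, target, body); yields flagged requests."""
    for src, target, body in records:
        verdict = classify(target, body)
        if verdict:
            yield src, verdict, target


# Constructed sample records (documentation IP ranges, not real traffic).
SAMPLE = [
    ("198.51.100.7", "/index.html", ""),
    ("203.0.113.9", "/datesting.cgi?szsrvipaddr=192.0.2.10", ""),
    ("203.0.113.44", "/DateSting.cgi?szSrvIpAddr=time.example%3Bid", ""),
    ("203.0.113.45", "/datesting.cgi", "x=1&szsrvipaddr=192.0.2.1|id"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Web server access logs usually omit POST bodies, so the body argument is only useful where a reverse proxy or WAF records them.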
Other vulnerabilities exploited by the botnet include a Hadoop YARN vulnerability, CVE-2018-10561, and a bug affecting DigiEver that was highlighted in December 2024.
There is some evidence to suggest that the campaign overlaps with previously recorded activity.
“One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices.”
“There are many hardware manufacturers who do not release patches for retired devices (in some cases, the manufacturer itself may be defunct).”
Given that the affected GeoVision devices are unlikely to receive new patches, it is recommended that users upgrade to a newer model to protect against potential threats.
Samsung MagicINFO Flaw Exploited in Mirai Attacks
The disclosure comes as Arctic Wolf and the SANS Technology Institute warned of active exploitation of CVE-2024-7399 (CVSS score: 8.8), a path traversal flaw in Samsung MagicINFO 9 Server that an attacker can use to deliver the Mirai botnet.
While the issue was addressed by Samsung in August 2024, it has since been weaponized by attackers following the release of a proof-of-concept (PoC) on April 30, 2025, to retrieve and execute a shell script responsible for downloading the botnet.
“The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files,” Arctic Wolf said.
Users are recommended to update their instances to version 21.1050 and later to mitigate potential operational impact.