Back to KEVs

CVE-2024-7029

Command Injection in AVTech AVM1203 (IP Camera)

Basic Information

CVE State
PUBLISHED
Reserved Date
July 23, 2024
Published Date
August 02, 2024
Last Updated
January 09, 2025
Vendor
AVTech
Product
AVM1203 (IP Camera)
Description
Commands can be injected over the network and executed without authentication.
Tags
nuclei_scanner

CVSS Scores

CVSS v4.0

8.7 - HIGH

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Proof of Concept Available
Yes (added 2024-10-08 10:04:08 UTC) Source

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07 https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-08-20 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7029.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

geniuszly/CVE-2024-7029

Type: github • Created: 2024-10-08 10:04:08 UTC • Stars: 8

A PoC exploit for the CVE-2024-7029 vulnerability found in AvTech devices, allowing Remote Code Execution (RCE)

ebrasha/CVE-2024-7029

Type: github • Created: 2024-09-02 10:16:49 UTC • Stars: 5

A PoC tool for exploiting CVE-2024-7029 in AvTech devices, enabling RCE, vulnerability scanning, and an interactive shell.

bigherocenter/CVE-2024-7029-EXPLOIT

Type: github • Created: 2024-08-30 07:58:27 UTC • Stars: 10

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel