Threat actors are exploiting vulnerabilities in outdated GeoVision IoT devices and Samsung MagicINFO servers to integrate them into a Mirai botnet for DDoS attacks. The security flaws, including critical command injection vulnerabilities, raise concerns about the security of end-of-life devices and the potential for further exploits.
Affected: GeoVision IoT devices, Samsung MagicINFO Server
Key points:
- Threat actors are exploiting two critical flaws in GeoVision IoT devices (CVE-2024-6047 and CVE-2024-11120) to execute arbitrary commands.
- Exploiting these vulnerabilities lets attackers inject commands that download and execute Mirai malware.
- Evidence suggests overlap with previous cyber campaigns named InfectedSlurs targeting outdated devices.
- Samsung MagicINFO 9 Server is also under attack due to a path traversal flaw (CVE-2024-7399) that was weaponized after a proof-of-concept was released.
- Users of affected GeoVision devices are advised to upgrade to newer models for enhanced security.
- For Samsung MagicINFO users, upgrading to version 21.1050 or later is recommended to mitigate potential risks.
Read More: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html