Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Hackers exploit Samsung MagicINFO, GeoVision IoT flaws to deploy Mirai botnet


By Ravie Lakshmanan

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks.

The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command injection flaws (CVE-2024-6047 and CVE-2024-11120, CVSS scores: 9.8) that could be used to execute arbitrary system commands.

“The exploit targets the /DateSetting.cgi endpoint in GeoVision IoT devices, and injects commands into the szSrvIpAddr parameter,” Akamai researcher Kyle Lefton said in a report shared with The Hacker News.

Read more at The Hacker News

Click to listen highlighted text!