Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
May 06, 2025
Internet of Thing / Vulnerability
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command injection flaws ( CVE-2024-6047 and CVE-2024-11120 , CVSS scores: 9.8) that could be used to execute arbitrary system commands. "The exploit targets the /DateSetting.cgi endpoint in GeoVision IoT devices, and injects commands into the szSrvIpAddr parameter," Akamai researcher Kyle Lefton said in a report shared with The Hacker News. In the attacks detected by the web security and infrastructure company, the botnet has been found injecting commands to download and execute an ARM version of the Mirai malware called LZRD . Some of the vulnerabilities exploited by the botnet includ...