CVE-2024-7029

HIGH EXPLOITED IN THE WILD NUCLEI

AVTECH AVM1203 Firmware < fullimg-1023-1007-1011-1009 - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

CVE-2024-7029 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 4 public exploits from researchers including bigherocenter, geniuszly, ebrasha. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a Python-based exploit for CVE-2024-7029, targeting AvTech devices via a command injection vulnerability in the `/cgi-bin/supervisor/Factory.cgi` endpoint. It includes functionality for vulnerability checking, interactive shell, and multi-threaded scanning.

Description

Commands can be injected over the network and executed without authentication.

Exploits (4)

nomisec WORKING POC 11 stars

by bigherocenter · remote

https://github.com/bigherocenter/CVE-2024-7029-EXPLOIT

View Code ZIP pw:eip

This is a Python-based exploit for CVE-2024-7029, targeting AvTech devices via a command injection vulnerability in the `/cgi-bin/supervisor/Factory.cgi` endpoint. It includes functionality for vulnerability checking, interactive shell, and multi-threaded scanning.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AvTech devices (specific version not specified)

No auth needed

Prerequisites: Network access to the target device · Vulnerable AvTech device with exposed CGI endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 8 stars

by geniuszly · remote

https://github.com/geniuszly/CVE-2024-7029

View Code ZIP pw:eip

This is a functional PoC exploit for CVE-2024-7029, targeting AvTech devices via a command injection vulnerability in the `/cgi-bin/supervisor/Factory.cgi` endpoint. It includes both single-target exploitation and multi-threaded scanning capabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AvTech devices (specific version not specified)

No auth needed

Prerequisites: Network access to the target device · Python 3.7+ with required libraries

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 5 stars

by ebrasha · remote

https://github.com/ebrasha/CVE-2024-7029

View Code ZIP pw:eip

This is a Proof of Concept (PoC) exploit for CVE-2024-7029, targeting a command injection vulnerability in AvTech devices via the `/cgi-bin/supervisor/Factory.cgi` endpoint. The exploit includes functionality for checking vulnerability status and launching an interactive shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AvTech devices (specific version not specified)

No auth needed

Prerequisites: Network access to the target device · The target device must be running a vulnerable version of AvTech firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/geniuszlyy/cve-2024-7029

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2024-7029, targeting AvTech devices via a command injection vulnerability in the `/cgi-bin/supervisor/Factory.cgi` endpoint. It includes both single-target and multi-threaded scanning capabilities, as well as an interactive shell for post-exploitation command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AvTech devices (specific version not specified)

No auth needed

Prerequisites: network access to the target device · Python 3.7+ with required libraries (requests, prompt_toolkit, alive_progress)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

Nuclei Templates (1)

AVTECH IP Camera - Command Injection

HIGHVERIFIEDby DhiyaneshDK

FOFA: body="AVTECH Software"

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt

Third Party Advisory, US Government Resource government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07

Scores

CVSS v3 8.8

EPSS 0.9297

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2024-08-28

InTheWild.io 2024-07-29

CWE

CWE-77

Status published

Products (1)

avtech/avm1203_firmware < fullimg-1023-1007-1011-1009

Published Aug 02, 2024

Tracked Since Feb 18, 2026