CVE-2024-7029
Published: 02 August 2024
Summary
CVE-2024-7029 is a high-severity Command Injection (CWE-77) vulnerability in Avtech Avm1203 Firmware. Its CVSS base score is 8.7 (High).
Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-7029 is a command-injection vulnerability (CWE-77) that permits unauthenticated remote attackers to supply and execute arbitrary commands over the network. The flaw carries a CVSS 4.0 score of 8.7 and affects a network-accessible component whose identity is referenced in ICS and security-research disclosures but is not further detailed in the supplied metadata.
An attacker with network reachability can exploit the issue without credentials or user interaction, achieving full command execution that yields high impacts on confidentiality, integrity, and availability. The associated EPSS score of approximately 0.93 indicates a high likelihood of exploitation in the wild.
Public advisories from CISA (ICSA-24-214-07) and Akamai research address the issue in the context of observed Mirai-variant botnet activity; operators should consult those sources for patch availability, configuration guidance, and recommended network controls.
The consistently elevated EPSS values reflect sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48461
Vulnerability details
Commands can be injected over the network and executed without authentication.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.