A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet.  The vulnerability (CVSS 8.7, CVE-2024-7029) was reported to CISA by security researchers from Akamai, who said the campaign they discovered leveraging the remote code execution (RCE) vulnerability in AVTECH AVM1203 IP cameras they found has been active since early 2024, but the vulnerability is much older. “The proof of concept (PoC) for CVE-2024-7029 has been publicly available since at least 2019, but it never had a proper CVE assignment until August 2024,”

Source: The Register