A botnet is exploiting a zero-day in end-of-life GeoVision devices to compromise devices in the wild.The zero-day, tracked as CVE-2024-11120, is a pre-auth command injection vulnerability.The botnet is used for DDoS or cryptomining attacks.Approximately 17,000 Internet-facing GeoVision devices are vulnerable to the zero-day.