The Internet of Things (IoT) has grown rapidly, and nowadays, it is exploited by cyber attacks on IoT devices. An accurate system to identify malicious attacks on the IoT environment has become very important for minimizing security risks on IoT devices. Botnet attacks are among the most serious and widespread attacks, and they threaten IoT devices. Motionless IoT devices have a security weakness due to lack of sufficient memory and computation results for a security platform. In addition, numerous existing systems present themselves for finding unknown patterns from IoT networks to improve security. In this study, hybrid deep learning, a convolutional neural network and long short-term memory (CNN-LSTM) algorithm, was proposed to detect botnet attacks, namely, BASHLITE and Mirai, on nine commercial IoT devices. Extensive empirical research was performed by employing a real N-BaIoT dataset extracted from a real system, including benign and malicious patterns. The experimental results exposed the superiority of the CNN-LSTM model with accuracies of 90.88% and 88.61% in detecting botnet attacks from doorbells (Danminin and Ennio brands), whereas the proposed system achieved good accuracy (88.53%) in identifying botnet attacks from thermostat devices. The accuracies of the proposed system in detecting botnet attacks from security cameras were 87.19%, 89.23%, 87.76%, and 89.64%, with respect to accuracy metrics. Overall, the CNN-LSTM model was successful in detecting botnet attacks from various IoT devices with optimal accuracy.