TBK Vision

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw was disclosed by security researcher 'netsecfish' in April 2024. Kaspersky reports active exploitation of this vulnerability in its Linux honeypots, with the attackers using the exploit to drop an ARM32 malware binary that communicates with a command and control server. This enlists the device in the botnet swarm, which is likely used for DDoS attacks and proxying malicious traffic. Approximately 50,000 devices are exposed, with most infections seen in China, India, Egypt, Ukraine, Russia, Turkey, and Brazil.

Source: https://www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/

TPRM report: https://scoringcyber.rankiteo.com/company/tbk-digital

{
  "id": "tbk901060825",
  "linkid": "tbk-digital",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Electronics',
                        'name': 'TBK Vision',
                        'type': 'Manufacturer'}],
 'attack_vector': 'Command Injection',
 'date_detected': '2024-04-01',
 'date_publicly_disclosed': '2024-04-01',
 'description': 'A new variant of the Mirai malware botnet is exploiting a '
                'command injection vulnerability in TBK DVR-4104 and DVR-4216 '
                'digital video recording devices to hijack them. The flaw, '
                'tracked under CVE-2024-3721, was disclosed by security '
                "researcher 'netsecfish' in April 2024. Kaspersky reports "
                'active exploitation of this vulnerability in its Linux '
                'honeypots, leading to the devices being used for DDoS attacks '
                'and proxying malicious traffic.',
 'impact': {'systems_affected': 'TBK DVR-4104 and DVR-4216 devices'},
 'initial_access_broker': {'entry_point': 'Command Injection Vulnerability'},
 'investigation_status': 'Ongoing',
 'motivation': ['Distributed Denial of Service (DDoS) attacks',
                'Proxying malicious traffic'],
 'post_incident_analysis': {'root_causes': 'Command Injection Vulnerability in '
                                           'TBK DVR devices'},
 'references': [{'source': 'Kaspersky'}],
 'response': {'third_party_assistance': ['Kaspersky']},
 'threat_actor': 'Mirai Botnet Operators',
 'title': 'Mirai Botnet Exploits Command Injection Vulnerability in TBK DVR '
          'Devices',
 'type': 'Malware',
 'vulnerability_exploited': 'CVE-2024-3721'}