Mirai Botnet Variants Target TBK DVRs via CVE-2024-3721


Mirai botnet variants, including Nexcorium, are actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVR devices. This flaw, rated medium severity, allows attackers to hijack these devices and integrate them into a DDoS botnet. The attacks also impact end-of-life TP-Link Wi-Fi routers, highlighting the ongoing risks associated with unpatched and unsupported IoT hardware.

This exploitation underscores a persistent problem: legacy and unsupported devices remain prime targets for botnet operators. Defenders must prioritize identifying and isolating these vulnerable endpoints. The calculus for attackers is simple: these devices are often unmonitored and unpatched, offering a low-risk, high-reward entry point for expanding their attack infrastructure.

What This Means For You

  • If your organization utilizes TBK DVRs or end-of-life TP-Link routers, immediately audit your network for these devices. Isolate any identified devices and disconnect them from the internet. Prioritize patching or replacement of all end-of-life networking equipment and IoT devices to mitigate this command injection risk.

Related ATT&CK Techniques

๐Ÿ›ก๏ธ Detection Rules


Mirai Variant Command Injection via TBK DVR CVE-2024-3721 (severity: critical; mapped to T1190, Initial Access)


Indicators of Compromise

ID             Type           Indicator
CVE-2024-3721  Vulnerability  CVE-2024-3721
