New Mirai botnet infect TBK DVR devices via command injection flaw www.bleepingcomputer.com/news/secu…

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.

The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher “netsecfish” in April 2024.

The proof-of-concept (PoC) the researcher published at the time came in the form of a specially crafted POST request to a vulnerable endpoint, achieving shell command execution through the manipulation of certain parameters (mdb and mdc).

Kaspersky now reports having caught active exploitation of CVE-2024-3721 in its Linux honeypots from a new Mirai botnet variant using netsecfish’s PoC.