Apr 18, 2026 • The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Executive Summary
A Mirai botnet variant named Nexcorium is being deployed to compromise TBK DVR devices and end-of-life TP-Link Wi-Fi routers. The malware exploits CVE-2024-3721, a medium-severity command injection vulnerability (CVSS 6.3), to gain unauthorized access. Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 identified the campaign. Compromised devices are recruited into a DDoS botnet, enabling threat actors to launch distributed denial-of-service attacks. Organizations should patch affected devices immediately, replace EoL hardware, and implement network segmentation. Default credentials should be changed, and unnecessary internet-facing services should be disabled to reduce the attack surface.
Summary
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting
Linked Entities
- Nexcorium
- CVE-2024-3721