Apr 18, 2026 • The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Executive Summary
Threat actors are actively exploiting CVE-2024-3721, a medium-severity command injection vulnerability, to compromise TBK DVR devices and end-of-life TP-Link Wi-Fi routers. This campaign deploys the Nexcorium variant of the Mirai botnet malware, transforming infected IoT devices into nodes for distributed denial-of-service (DDoS) attacks. Security vendors Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 confirmed the activity. The exploitation allows remote attackers to execute arbitrary commands, facilitating unauthorized access and botnet enrollment. Organizations and consumers utilizing affected hardware face significant risks of service disruption and involvement in broader cyberattacks. Mitigation strategies include immediate patching of vulnerable devices, replacing end-of-life routers, and implementing network segmentation to isolate IoT assets. Monitoring network traffic for unusual outbound connections is also recommended to detect potential command-and-control communication associated with Mirai variants.
Summary
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting
Linked Entities
- Mirai
- Nexcorium
- CVE-2024-3721