A command injection flaw in internet-connected digital video recorders used for CCTV monitoring is the target of a Mirai botnet malware variant, which allows hackers to take over the devices and add them to a botnet.
Cybersecurity researchers at Russian cybersecurity firm Kaspersky discovered a CVE-2024-3721 exploit while analysing logs from their Linux honeypot system. The issue is a command injection vulnerability found in internet-connected digital video recorders used for CCTV surveillance. Further analysis revealed that the activity was related to a form of the Mirai botnet, which exploited this issue in TBK-manufactured DVR devices to compromise and control them.
The vulnerability was initially discovered by security researcher “netsecfish” in April 2024. By adjusting parameters like mdb and mdc, the researcher released a proof-of-concept showing how a carefully designed post request to a specific URL can trigger shell command execution. Kaspersky confirmed that this precise technique is being utilised in the wild, with its Linux honeypots catching ongoing exploitation attempts linked to a Mirai botnet variant that uses netsecfish’s proof-of-concept to compromise vulnerable DVRs.