- Kaspersky warns that several DVR devices are targeted with malware
- The malware assimilates devices into a botnet, granting DDoS and proxy capabilities
- The victims are scattered all over the world, and there does not seem to be a patch
If you use a TBK DVR-4104, DVR-4216, or any digital video recording device built on these models, you may want to keep an eye on your equipment, because it is being actively targeted.
Kaspersky's cybersecurity researchers say they have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.
In April 2024, security researchers found a command injection flaw in the devices listed above. According to the NVD, the flaw is tracked as CVE-2024-3721 and received a severity score of 6.3/10 (medium). It can be triggered remotely and grants attackers full control over the vulnerable endpoint. Shortly after the discovery, a proof-of-concept (PoC) exploit for the flaw was also published.
Victims around the world
Now, a year later, Kaspersky says it has seen this same PoC used to expand the Mirai botnet. The attackers use the bug to drop ARM32 malware that assimilates the device and gives its operators the ability to run distributed denial-of-service (DDoS) attacks, proxy malicious traffic, and more.
The majority of the victims that Kaspersky sees are located in China, India, Egypt, Ukraine, Russia, Turkey and Brazil. However, because Kaspersky is a Russian company, its products are banned in many Western countries, so its analysis could be somewhat skewed.
The number of potentially vulnerable devices was more than 110,000 in 2024 and has since fallen to around 50,000. Although that is certainly an improvement, it still means the attack surface is quite large.
Usually, when a vulnerability like this is discovered, a patch soon follows. However, several media sources claim that it is “unclear” whether the manufacturer, TBK Vision, has fixed the bug.
CyberInsider reports that several third-party brands use these devices as a basis for their models, further complicating the availability of patches, and notes that “it is very likely that for the most part, there is no fix”.
Some of the brands are Novo, Cenova, Qsee, Pulnix, XVR 5 in 1, Securus, Night Owl, DVR Login and others.
Via BleepingComputer