- Kaspersky warns multiple DVR devices are being targeted with malware
- The malware assimilates the devices into a botnet, granting DDoS and proxy capabilities
- The victims are scattered all over the world, and there seems to be no patch
If you are using TBK DVR-4104, DVR-4216, or any digital video recording device that uses these instances as its basis, you might want to keep an eye on your hardware because it’s being actively hunted.
Cybersecurity researchers at Kaspersky claim to have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.
In April 2024, security researchers found a command injection flaw in the devices listed above. As per the NVD, the flaw is tracked as CVE-2024-3721, and was given a severity score of 6.3/10 (medium). It can be triggered remotely and grants the attackers full control over the vulnerable endpoint. Soon after discovery, the flaw also got a Proof-of-Concept (PoC) exploit.
Victims around the world
Now, a year later, Kaspersky says it saw this same PoC being used to expand the Mirai botnet. The attackers are using the bug to drop an ARM32 malware which assimilates the device and grants the owners the ability to run distributed denial of service (DDoS) attacks, proxy malicious traffic, and more.
The majority of victims Kaspersky is seeing are located in China, India, Egypt, Ukraine, Russia, Turkey, and Brazil. However as a Russian company, Kaspersky’s products are banned in many Western countries, so its analysis could be somewhat skewed.
The number of potentially vulnerable devices was more than 110,000 in 2024, and has since dropped to around 50,000. While most definitely an improvement, it still means that the attack surface is rather large.
Usually, when a vulnerability like this is discovered, a patch soon follows. However, multiple media sources are claiming that it is “unclear” if makers TBK Vision patched the bug.
CyberInsider reports that multiple third-party brands use these devices as a basis for their models, further complicating patch availability, and stating that “it’s very likely that for most, there is no patch.”
Some of the brands are Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, and others.
Via BleepingComputer
You might also like
Services Marketplace – Listings, Bookings & Reviews