Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Summary
Attackers are leveraging a Mirai botnet variant called Nexcorium to compromise TBK DVRs and end-of-life TP-Link Wi-Fi routers. The campaign specifically exploits CVE-2024-3721, a command injection vulnerability in TBK DVRs, to enlist these devices into a distributed denial-of-service (DDoS) botnet.
IFF Assessment
The exploitation of a known vulnerability to build a botnet for DDoS attacks represents an increased threat to network availability and security.
Severity
The CVSS score of 6.3 reflects medium severity for a command injection vulnerability, indicating that it is exploitable and can have a significant impact on the targeted devices.
Defender Context
This attack highlights the persistent threat of IoT botnets leveraging known vulnerabilities, especially in older or unpatched devices. Defenders should prioritize patching known vulnerabilities in network-attached devices, segmenting IoT devices, and monitoring for unusual network traffic indicative of botnet activity.