PT-2024-27378 · Tbk · Tbk Dvr-4216+1

Netsecfish · Published 2024-04-13 · Updated 2026-05-09 · CVE-2024-3721

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TBK DVR-4104 versions prior to 20240412
TBK DVR-4216 versions prior to 20240412

Description

An OS command injection issue exists in TBK DVR devices due to insufficient validation of user-supplied input. Remote, unauthenticated attackers can execute arbitrary shell commands or cause a denial of service by sending a specially crafted POST request to the endpoint '/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___' and manipulating the mdb and mdc parameters. This flaw has been actively exploited by several Mirai botnet variants, including Nexcorium and Broadside, to hijack devices for large-scale DDoS attacks and malicious traffic proxying. Over 50,000 infected devices have been detected globally, with significant activity in China, India, Russia, Egypt, Turkey, and Brazil. The Broadside variant specifically targets the maritime logistics and shipping sector, posing risks to shipboard systems and satellite communications.

Recommendations

Update the firmware for TBK DVR-4104 and TBK DVR-4216 to a version released after 20240412. Disable Telnet and restrict external access to the devices. Change all default user credentials. As a temporary workaround, restrict access to the '/device.rsp' endpoint to minimize the risk of exploitation.
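To check whether the '/device.rsp' restriction is holding, the following added example (not part of the original advisory or any vendor tooling) scans reverse-proxy access logs for requests to that endpoint from outside a management network and for shell metacharacters in mdb or mdc. Assumptions: the log is in common/combined format, the parameters are visible in the query string (POST bodies are not logged), and the network range, function name and sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only this management network should ever reach the DVR web UI.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Characters with special meaning to a POSIX shell.
# Assumption: legitimate mdb/mdc values never contain them.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\]")
# Common/combined log format: client address, timestamp, request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample lines; cmd, mdb and mdc values are placeholders.
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Jan/2025:10:00:00 +0000] "POST /device.rsp?opt=sys&cmd=PLACEHOLDER&mdb=a&mdc=b HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "POST /device.rsp?opt=sys&cmd=PLACEHOLDER&mdb=a&mdc=b%3BPLACEHOLDER HTTP/1.1" 200 0',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if url.path != "/device.rsp":
        return []
    findings = []
    try:
        src = ipaddress.ip_address(m["ip"])
        external = not any(src in net for net in ALLOWED_NETS)
    except ValueError:  # hostname or garbage in the client field
        external = True
    if external:
        findings.append("external-access")
    # parse_qs percent-decodes values, so %3B is seen as ';'.
    params = parse_qs(url.query, keep_blank_values=True)
    for name in ("mdb", "mdc"):
        if any(SHELL_META.search(v) for v in params.get(name, [])):
            findings.append(f"shell-meta-in-{name}")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry.split('"')[1])
```

Any "external-access" finding means the access restriction is not in effect for that path, regardless of whether the request carried an injection attempt.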

Exploit · Fix · DoS · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06507
CVE-2024-3721

Affected Products

Tbk Dvr-4104
Tbk Dvr-4216