- Kaspersky warns that multiple DVR units are being targeted by malware
- The malware assimilates the devices into a botnet, providing DDoS and proxy capabilities
- The victims are scattered all over the world and there does not appear to be any patch
If you are using a TBK DVR-4104, DVR-4216, or any digital video recording device based on these models, you may want to keep an eye on your hardware because it is being actively hunted.
Cybersecurity researchers at Kaspersky claim to have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.
In April 2024, security researchers found a command injection flaw in the above-mentioned devices. Per the NVD, the flaw is tracked as CVE-2024-3721 and was given a severity score of 6.3/10 (medium). It can be triggered remotely and gives attackers full control over the vulnerable endpoint. Shortly after the discovery, a proof-of-concept (PoC) exploit for the flaw was also published.
Victims all over the world
Now, a year later, Kaspersky says it saw this same PoC being used to expand the Mirai botnet. The attackers use the flaw to drop ARM32 malware that assimilates the device and gives the botnet's owners the ability to run distributed denial-of-service (DDoS) attacks, proxy malicious traffic, and more.
Most of the victims Kaspersky sees are located in China, India, Egypt, Ukraine, Russia, Turkey and Brazil. However, as a Russian company, Kaspersky's products are banned in many Western countries, so its analysis can be somewhat skewed.
The number of potentially vulnerable units was more than 110,000 in 2024 and has since fallen to about 50,000. While it is definitely an improvement, it still means that the attack surface is pretty big.
Usually, when a vulnerability like this is discovered, a patch soon follows. However, several media sources claim it is "unclear" whether the manufacturer, TBK Vision, patched the flaw.
CyberInsider reports that several third-party brands use these devices as the basis for their models, further complicating patch availability, and says that "it is very likely that for most people there is no patch."
Some of the brands are Novo, Cenova, QSEE, Pulnix, XVR 5 in 1, Securus, Night Owl, DVR Login and others.
Via BleepingComputer



