RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. Th...

TBK DVR devices OS Command Injection Vulnerability (Apr 2024) - Active Check

TBK DVR devices are prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely...

CVE-2024-3721 TBK DVR-4104/DVR-4216 os command injection

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely...

CVE-2024-3721 TBK DVR-4104/DVR-4216 os command injection

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely...

CVE-2024-3721

CVE-2024-3721 is an OS command injection affecting TBK DVR-4104 and DVR-4216 (firmware up to 20240412). The flaw stems from unsanitized parameters mdb/mdc in HTTP requests to /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX . Successful exploitation allows unauthenticated remote command execution and ha...

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX . The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotel...

TBK DVR-4104、DVR-4216 操作系统命令注入漏洞

TBK DVR-4104 is a digital video recorder from TBK. An OS command injection vulnerability exists in TBK DVR-4104, DVR-4216 version 20240412 and earlier versions, which stems from the fact that incorrect operation of the parameter mdb/mdc can lead to OS command injection...

PT-2024-27378

Name of the Vulnerable Software and Affected Versions TBK DVR-4104 versions prior to 20240412 TBK DVR-4216 versions prior to 20240412 Description An OS command injection issue exists in TBK DVR devices due to insufficient validation of user-supplied input. Remote, unauthenticated attackers can...

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording DVR devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 CVSS score: 9.8, a critical authentication bypass issue that could b...

PT-2023-11231 · Undefined · Undefined

Хакеры эксплуатируют уязвимость пятилетней давности, взламывая видеокамеры в банках Исследователи Fortinet FortiGuard Labs предупреждают, что злоумышленники активно эксплуатируют критическую неисправленную уязвимость, влияющую на устройства цифровой видеозаписи DVR TBK. Недостаток, отслеживаемый...