
Command Injection Flaw Allows New Mirai Botnet to Infect TBK DVR Devices

A significant security incident has emerged involving a new wave of the Mirai botnet, actively exploiting a critical command injection vulnerability found in specific TBK digital video recorder (DVR) devices. This flaw, identified as CVE-2024-28951, resides within the device’s web service, httpd, and allows attackers to execute arbitrary commands on vulnerable systems by simply sending specially crafted web requests.

The core issue lies in the improper handling of input parameters passed to the vulnerable service. Attackers can inject malicious shell commands through these unsanitized inputs, effectively gaining unauthorized control over the affected DVR. Once compromised, these devices are then enlisted into a new Mirai botnet variant.
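As an added example (not from the original article or the vendor), the Python below scans access logs from a web server or reverse proxy in front of a DVR for query parameters that carry shell metacharacters, the pattern described above. The log format, request path and parameter names are constructed placeholders; the article does not name the vulnerable endpoint or parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Characters and sequences a POSIX shell treats as separators or substitutions.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(|\$\{")
# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path and parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] "GET /placeholder.cgi?cmd=list&id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:00:00:02 +0000] "GET /placeholder.cgi?cmd=list&id=42%3Bid HTTP/1.1" 200 0',
    '203.0.113.5 - - [01/Jan/2025:00:00:03 +0000] "POST /placeholder.cgi?name=cam1%2524%2528uname%2529 HTTP/1.1" 200 0',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so a double-encoded ';' (%253B) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (name, decoded_value) pairs whose value contains shell metacharacters."""
    hits = []
    # parse_qsl decodes one layer; fully_decode strips any further layers.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (client, target, hits) for every request with a flagged parameter."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        hits = suspicious_params(target)
        if hits:
            findings.append((client, target, hits))
    return findings

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(client, target, hits)
```

This is a triage heuristic: values that legitimately contain `&` or `|` will also be flagged, so findings need review against what the device's web interface normally receives.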

The exploitation of this vulnerability poses a severe threat. Devices incorporated into the botnet are typically used to launch massive distributed denial-of-service (DDoS) attacks against targets across the internet. Furthermore, the compromised DVRs can be leveraged to scan for and infect other vulnerable devices, perpetuating the attack chain.

Security researchers have highlighted that the ease of exploitation for this specific flaw makes affected TBK DVR devices prime targets for attackers seeking to expand their botnet infrastructure. The widespread deployment of such internet-connected devices, often with default or weak security configurations, exacerbates the risk.

Owners and administrators of TBK DVR systems are urged to take immediate action. The primary defense against this threat is patching. Vendors typically release firmware updates to address such critical vulnerabilities. Checking for and applying the latest firmware is paramount. Additionally, isolating DVR devices from the public internet unless absolutely necessary, using strong, unique passwords, disabling unnecessary services, and implementing firewall rules can significantly reduce the attack surface and mitigate the security risks associated with this vulnerability and the active Mirai botnet campaign. Proactive security measures are essential to prevent devices from falling victim to this or future botnet threats.

Source: https://www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/
