Close Menu
    What's Hot

    The EU’s push to deregulate banks

    Airtel Africa taps more bankers for rare London IPO of mobile money business

    Meta faces discrimination lawsuit over AI use in mass layoffs

    Facebook X (Twitter) Instagram
    Trending
    • The EU’s push to deregulate banks
    • Airtel Africa taps more bankers for rare London IPO of mobile money business
    • Meta faces discrimination lawsuit over AI use in mass layoffs
    • Takeaways From Justices Kagan and Barrett’s Congressional Testimony on Supreme Court Security
    • As Argentina Tries to Win the World Cup, the Rest of Latin America Cheers Against It
    • Missing From Prince Harry’s UK Trip: A Reunion With Prince William
    • For Argentina, a World Cup Semifinal Against England Isn’t Just Soccer
    • Tech Investors and Longevity Influencers Back Neko Health’s Mega Round
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

    adminBy adminApril 18, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananApr 18, 2026IoT Security / Vulnerability

    Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

    Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42.

    The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 digital video recording devices, to deliver a Mirai variant called Nexcorium.

    “IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings,” security researcher Vincent Li said. “Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks.”

    Cybersecurity

    This is not the first time the vulnerability has been exploited in the wild. Over the past year, the security issue has been leveraged to deploy a Mirai variant as well as a distinct, relatively new botnet called RondoDox. In September 2025, CloudSEK also disclosed details of a large-scale loader-as-a-service botnet that has been distributing RondoDox, Mirai, and Morte payloads through weak credentials and old flaws in routers, IoT devices, and enterprise apps.

    The attack activity outlined by Fortinet involves the exploitation of CVE-2024-3721 to obtain and drop a downloader script, which then launches the botnet payload based on the Linux system’s architecture. Once the malware is executed, it displays a message stating “nexuscorp has taken control.”

    “Nexcorium has a similar architecture to the Mirai variant, including XOR-encoded configuration table initialization, watchdog module, and DDoS attack module,” the security vendor said.

    The malware also includes an exploit for CVE-2017-17215 to target Huawei HG532 devices in the network and incorporates a list of hard-coded usernames and passwords for use in brute-force attacks targeting the victim’s hosts by opening a Telnet connection.

    If the Telnet login is successful, it attempts to obtain a shell, set up persistence using crontab and systemd service, and connect to an external server to await commands for launching DDoS attacks over UDP, TCP, and SMTP. Once persistence is established on the device, the malware deletes the original downloaded binary to evade analysis.

    “The Nexcorium malware displays typical traits of modern IoT-focused botnets, combining vulnerability exploitation, support for multiple architectures, and various persistence methods to sustain long-term access to infected systems,” Fortinet said. “Its use of known exploits, such as CVE-2017-17215, along with extensive brute-force capabilities, underscores its adaptability and efficacy in increasing its infection reach.”

    The development comes as Unit 42 said it detected active, automated scans and probes attempting to exploit CVE-2023-33538 (CVSS score: 8.8), a command injection vulnerability impacting EoL TP-Link wireless routers, albeit using a flawed approach that doesn’t result in a successful compromise.

    It’s worth noting that the security flaw was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog in June 2025. The vulnerability affects the following models –

    • TL-WR940N v2 and v4
    • TL-WR740N v1 and v2
    • TL-WR841N v8 and v10
    Cybersecurity

    “Although the in-the-wild attacks we observed were flawed and would fail, our analysis confirms the underlying vulnerability is real,” researchers Asher Davila, Malav Vyas, and Chris Navarrete said. “Successful exploitation requires authentication to the router’s web interface.”

    The attacks, in this case, attempt to deploy a Mirai-like botnet malware, with the source code featuring numerous references to the string “Condi.” It also comes equipped with the ability to update itself with a newer version and act as a web server to spread the infection to other devices that connect to it.

    Given that the affected TP‑Link devices are no longer actively supported, users are advised to replace them with a newer model and ensure that default credentials are not used.

    “For the foreseeable future, the security landscape will continue to be shaped by the persistent risk of default credentials in IoT devices,” Unit 42 said. “These credentials can turn a limited, authenticated vulnerability into a critical entry point for determined attackers.”

    Botnet CVE20243721 DDoS DVRs Exploits Hijack Mirai Nexcorium Tbk Variant
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleOil prices tank and stocks climb after Iran reopens the Strait of Hormuz
    Next Article USA 3-0 Japan (Apr 17, 2026) Game Analysis
    admin
    • Website

    Related Posts

    How Pentera Turns AI Security Workflows into Validation Engines

    July 15, 2026

    Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

    July 15, 2026

    Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

    July 14, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    The EU’s push to deregulate banks

    Airtel Africa taps more bankers for rare London IPO of mobile money business

    Meta faces discrimination lawsuit over AI use in mass layoffs

    Takeaways From Justices Kagan and Barrett’s Congressional Testimony on Supreme Court Security

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by