FortiNDRCloud
kcheung
Staff
Article Id 397765
Description

FortiGuard Labs has observed exploitation attempts of CVE-2024-3721 in TBK DVR devices.


TBK Vision is a company that manufactures surveillance equipment such as digital video recorders (DVRs) and network CCTV cameras.


TBK digital video recorders (DVRs), specifically the TBK DVR-4104 and TBK DVR-4216, are affected by CVE-2024-3721.


CVE-2024-3721 is a command injection vulnerability that allows unauthenticated attackers to send a specially crafted request to execute arbitrary commands on the device.

CVE ID 

CVE-2024-3721 (https://nvd.nist.gov/vuln/detail/CVE-2024-3721)

NDR Cloud Detection Rule

FortiNDR Cloud v25.2.b+

Detection Rule Name: FortiGuard Outbreak Alert: TBK DVRs Remote Command Injection - CVE-2024-3721

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook

N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for "TBK DVRs Botnet Attack" related activities.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=tbk%20dvrs%20botnet%20attack
All IOCs relating to "TBK DVRs Botnet Attack" have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigations/detections using the Suricata signatures below:
2061111 -> ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721)
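
An added example, not part of the original article or of any Fortinet tooling: one way to triage hits on SID 2061111 in a sensor's Suricata eve.json output, grouping alerts by targeted device so that exposed DVRs can be prioritized. The sample events, addresses, timestamps and function names are constructed for illustration.

```python
import json

TBK_SID = 2061111  # Suricata SID listed on this page for CVE-2024-3721

def _ev(ts, src, dst, port, sid=None, etype="alert"):
    """Build one constructed eve.json line (sample data, not real telemetry)."""
    ev = {"timestamp": ts, "event_type": etype, "src_ip": src,
          "dest_ip": dst, "dest_port": port}
    if sid is not None:
        ev["alert"] = {"signature_id": sid}
    return json.dumps(ev)

# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE_EVE = [
    _ev("2025-06-10T08:01:12+0000", "198.51.100.7", "192.0.2.20", 80, TBK_SID),
    _ev("2025-06-10T08:03:40+0000", "203.0.113.9", "192.0.2.20", 80, TBK_SID),
    _ev("2025-06-10T08:04:00+0000", "198.51.100.7", "192.0.2.20", 80, etype="http"),
    _ev("2025-06-10T08:05:00+0000", "198.51.100.7", "192.0.2.21", 8080, 2000001),
    '{"timestamp":"2025-06-10T08:06:00+0000","event_ty',  # truncated write
    _ev("2025-06-10T09:15:30+0000", "198.51.100.7", "192.0.2.35", 8080, TBK_SID),
]

def triage(lines, sid=TBK_SID):
    """Group alerts for `sid` by targeted device (dest_ip, dest_port)."""
    targets = {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or corrupt lines instead of aborting
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature_id") != sid:
            continue
        ts = ev.get("timestamp", "")
        key = (ev.get("dest_ip"), ev.get("dest_port"))
        t = targets.setdefault(key, {"hits": 0, "sources": set(),
                                     "first": ts, "last": ts})
        t["hits"] += 1
        t["sources"].add(ev.get("src_ip", "unknown"))
        # Same-format, same-offset ISO timestamps order correctly as strings.
        t["first"], t["last"] = min(t["first"], ts), max(t["last"], ts)
    for t in targets.values():
        t["sources"] = sorted(t["sources"])
    return targets

if __name__ == "__main__":
    for (ip, port), t in sorted(triage(SAMPLE_EVE).items()):
        print(f"{ip}:{port} hits={t['hits']} sources={t['sources']} "
              f"first={t['first']} last={t['last']}")
```

A device that is hit from several distinct sources is a good candidate for checking against the IOC list referenced under Threat Hunting.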

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to:
https://www.fortiguard.com/outbreak-alert/tbk-dvrs-botnet-attack