CVE-2024-3721

Confirmed PUBLISHED

TBK DVR-4104/DVR-4216 os command injection

TBK · DVR-4104, DVR-4216

Not yet in CISA KEV

Exploited in the wild Active exploitation observed

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
8
Unique Attacker IPs
5
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
6.3 Medium EPSS 86.5%

At a Glance

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. Eine kritische Schwachstelle wurde in TBK DVR-4104 and DVR-4216 bis 20240412 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. Mittels dem Manipulieren des Arguments mdb/mdc mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVE Published
Apr 13, 2024
Exploitation Reported
Apr 22, 2025
CVSS
6.3 Medium
EPSS
86.5%
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
tbkvision
tbk-dvr4104

0

Affected
tbkvision
tbk-dvr4216

0

Affected
TBK
DVR-4104

20240412

Affected
TBK
DVR-4216

20240412

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.