Mirai Botnet Variant Exploits DVR Flaw to Build Swarm

A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices Anviksha More (AnvikshaMore) • June 9, 2025

A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet.

See Also: Gartner Report | Magic Quadrant for SD-WAN

Researchers at Russian cybersecurity firm Kaspersky identified an exploit of CVE-2024-3721 while analyzing logs from their Linux honeypot system. The flaw is a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance. Further investigation confirmed that the activity was linked to a variant of the Mirai botnet, which is abusing this flaw in TBK-manufactured DVR devices to compromise and control them.

Security researcher "netsecfish" first identified the vulnerability in April 2024. The researcher published a proof-of-concept demonstrating how a crafted post ...