CVE-2024-3721

MEDIUM EXPLOITED

TBK DVR-4104/4216 <20240412 - Command Injection

Title source: llm

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Exploits (3)

nomisec WORKING POC 1 stars

by bytecategory · poc

https://github.com/bytecategory/homeip

View Code ZIP pw:eip

nomisec WORKING POC

by qalvynn · poc

https://github.com/qalvynn/Mirai-Based-CVE-2024-3721-Selfrep

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/qalvynn/CVE-2024-3721---POC

View on vulncheck_xdb

References (4)

[Various Sources] https://github.com/netsecfish/tbk_dvr_command_injection

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.260573

[Permissions Required, VDB Entry] https://vuldb.com/?id.260573

[Permissions Required, VDB Entry] https://vuldb.com/?submit.314969

Scores

CVSS v3 6.3

EPSS 0.7675

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2024-04-21

CWE

CWE-78

Status published

Products (2)

TBK/DVR-4104 20240412

TBK/DVR-4216 20240412

Published Apr 13, 2024

Tracked Since Feb 18, 2026