CVE-2024-3721

MEDIUM EXPLOITED

TBK DVR-4104/4216 <20240412 - Command Injection


Exploitation Summary

CVE-2024-3721 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits, from researchers bytecategory and qalvynn.

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Exploits (2)

nomisec WORKING POC 1 stars
by bytecategory · poc
https://github.com/bytecategory/homeip

This repository provides a functional exploit for CVE-2024-3721, demonstrating how to achieve remote code execution (RCE) on a vulnerable system by leveraging a command injection vulnerability. The exploit involves downloading and executing malicious binaries (tinyproxy and a DDoS tool) on the target system.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: StreamingProtoc (version not specified)
No auth needed
Prerequisites: Access to a vulnerable system running StreamingProtoc · Ability to host malicious binaries on a controlled server
devstral-2 · analyzed Mar 01, 2026

nomisec WORKING POC
by qalvynn · poc
https://github.com/qalvynn/Mirai-Based-CVE-2024-3721-Selfrep

This is a functional exploit PoC for CVE-2024-3721, targeting a command injection vulnerability in a web server via a crafted HTTP POST request. The code establishes multiple TCP connections to random IPs, sends a malicious payload to execute arbitrary commands, and downloads/executes a secondary payload ('arm7').

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown web server (likely embedded device with /device.rsp endpoint)
No auth needed
Prerequisites: Network access to vulnerable web server on port 80 · Ability to send HTTP POST requests
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References (4)
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.260573
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.260573
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.314969

Scores

CVSS v3 6.3
EPSS 0.7675
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-04-21
CWE CWE-78
Status published
Products (2)
TBK/DVR-4104 20240412
TBK/DVR-4216 20240412
Published Apr 13, 2024
Tracked Since Feb 18, 2026