Dvr-4216 - RCE (CVE-2024-3721)
114Exploiting IPs reported
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.
CrowdSec analysis
CVE-2024-3721 is a vulnerability found in certain TBK DVR devices that can allow remote attackers to perform OS command injection via crafted requests to a device management endpoint.
CrowdSec has been tracking this vulnerability and its exploits since 7th of May 2025.
Data from the CrowdSec community indicates that exploitation of CVE-2024-3721 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-3721 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.
Observed attack attempts typically involve requests to URLs containing /device.rsp with particular command parameters.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.