Recent findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 reveal that threat actors are exploiting a medium-severity vulnerability (CVE-2024-3721) in TBK DVR devices and end-of-life TP-Link Wi-Fi routers to deploy a new variant of the Mirai botnet, known as Nexcorium. This command injection vulnerability allows attackers to hijack these devices and integrate them into a distributed denial-of-service (DDoS) botnet, posing a significant risk to organizations that rely on these technologies for surveillance and connectivity.
For businesses, this development underscores the critical importance of proactive cybersecurity measures, particularly regarding device management and vulnerability patching. Organizations utilizing TBK DVRs or older TP-Link routers must prioritize updating or replacing these devices to mitigate the risk of DDoS attacks. As cyber threats continue to evolve, understanding and addressing potential vulnerabilities in connected devices is essential to safeguarding digital infrastructure. This incident exemplifies the ongoing challenges within the cybersecurity landscape, emphasizing the need for vigilance and robust defense strategies against IoT-related threats.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html)*