Cybersecurity researchers have identified a malware campaign named RondoDox that exploits vulnerabilities in TBK digital video recorders and Four-Faith routers. These vulnerabilities include a command injection flaw affecting TBK DVR-4104 and DVR-4216 DVRs, and an OS command injection bug affecting Four-Faith routers. Many affected devices operate in critical settings and often remain unmonitored, making them vulnerable. RondoDox not only takes over devices but also repurposes them for stealth proxy operations, enabling scams and DDoS campaigns. Its initial distribution targeted Linux operating systems.
"Both [the security flaws] have been publicly disclosed and are actively being targeted, posing serious risks to device security and overall network integrity," Fortinet FortiGuard Labs researcher Vincent Li said.
What makes RondoDox especially dangerous isn't just the device takeover; it's how the attackers repurpose that access.
The vulnerabilities include CVE-2024-3721, a command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an OS command injection bug affecting Four-Faith routers.
Many devices are installed in critical environments like retail stores, warehouses, and small offices, where they often go unmonitored for years.