RondoDox Botnet Hijacks TBK, Four-Faith Devices

Cybersecurity analysts have uncovered a malicious campaign that exploits known vulnerabilities in TBK digital video recorders and Four-Faith routers to form a new distributed denial-of-service (DDoS) botnet named RondoDox. The RondoDox Botnet hijacks TBK DVR-4104 and DVR-4216 models by leveraging CVE-2024-3721, a medium-severity command injection flaw. Attackers also target Four-Faith routers using CVE-2024-12856, which affects the device’s operating system.

Once compromised, the devices become part of a growing network that launches DDoS attacks. Researchers warn that these exploits allow remote attackers to gain control without authentication. The RondoDox Botnet hijacks TBK and Four-Faith hardware to expand its infrastructure, raising concerns about the security of internet-connected video and routing equipment.

Operators of affected devices are urged to apply available patches and monitor unusual traffic. For a detailed breakdown of the attack vectors and technical findings, read the full report below.

https://thehackernews.com/2025/07/rondodox-botnet-exploits-flaws-in-tbk.html