The Nexcorium Mirai variant is actively exploiting command injection vulnerabilities in TBK DVR-4104/4216 devices, end-of-life TP-Link router models, and legacy Huawei HG532 devices to build a DDoS-capable botnet. The TP-Link models have no patch path and must be decommissioned. CVE-2024-3721 carries an EPSS score at the 99th percentile, confirming active exploitation at scale.