Security News > 2023 > April > TP-Link Archer WiFi router flaw exploited by Mirai malware

TP-Link Archer WiFi router flaw exploited by Mirai malware
2023-04-25 11:45

The Mirai malware botnet is actively exploiting a TP-Link Archer A21 WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS swarms.

Researchers first abused the flaw during the Pwn2Own Toronto hacking event in December 2022, where two separate hacking teams breached the device using different pathways.

The CVE-2023-1389 vulnerability is a high-severity unauthenticated command injection flaw in the locale API of the web management interface of the TP-Link Archer AX21 router.

Hackers can exploit the flaw by sending a specially crafted request to the router that contains a command payload as part of the country parameter, followed by a second request that triggers the execution of the command.

Owners of the Archer AX21 AX1800 dual-band WiFi 6 router can download the latest firmware update for their device's hardware version from this webpage.

Signs of an infected TP-Link router include device overheating, internet disconnections, inexplicable changes on the device's network settings, and resetting of admin user passwords.


News URL

https://www.bleepingcomputer.com/news/security/tp-link-archer-wifi-router-flaw-exploited-by-mirai-malware/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2023-1389 Command Injection vulnerability in Tp-Link Archer Ax21 Firmware
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface.
low complexity
tp-link CWE-77
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
TP Link 322 0 74 168 88 330