TP-Link Archer WiFi router flaw exploited by Mirai malware
2023-04-25 11:45

The Mirai malware botnet is actively exploiting a TP-Link Archer AX21 WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS swarms.

Researchers first abused the flaw during the Pwn2Own Toronto hacking event in December 2022, where two separate hacking teams breached the device using different pathways.

The CVE-2023-1389 vulnerability is a high-severity unauthenticated command injection flaw in the locale API of the web management interface of the TP-Link Archer AX21 router.

Hackers can exploit the flaw by sending a specially crafted request to the router that contains a command payload as part of the country parameter, followed by a second request that triggers the execution of the command.
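For defenders, the request pattern described above can be hunted for in HTTP logs. The following is an added example, not code from the original article or from TP-Link: it flags requests to the locale endpoint named in the CVE entry on this page whose country value is not a plain two-letter code. The log format, the two-letter rule, and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint from the CVE description on this page: /cgi-bin/luci;stok=/locale
LOCALE_PATH = re.compile(r"/cgi-bin/luci/?;stok=(?P<stok>[^/]*)/locale$")
# Assumption: a legitimate country value is a plain two-letter code ("US").
VALID_COUNTRY = re.compile(r"[A-Za-z]{2}")
# Assumption: common-log-format lines from a proxy or sensor in front of the router.
LOG_LINE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return a finding for a suspicious locale request, or None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = LOCALE_PATH.search(url.path)
    if not path:
        return None
    # parse_qs percent-decodes, so encoded metacharacters are seen in clear.
    values = parse_qs(url.query, keep_blank_values=True).get("country", [])
    bad = [v for v in values if not VALID_COUNTRY.fullmatch(v)]
    if not bad:
        return None
    # An empty stok means the request carried no session token.
    return {"src": m.group("src"), "country": bad[0],
            "empty_stok": path.group("stok") == ""}

def scan(lines):
    """Collect findings; parameters sent in a POST body are not visible in these logs."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE = [
    '192.0.2.10 - - [25/Apr/2023:11:45:00 +0000] "GET /cgi-bin/luci/;stok=/locale?country=US%3BPLACEHOLDER HTTP/1.1" 200 12',
    '192.0.2.10 - - [25/Apr/2023:11:45:01 +0000] "GET /cgi-bin/luci/;stok=/locale?country=US%3BPLACEHOLDER HTTP/1.1" 200 12',
    '198.51.100.7 - - [25/Apr/2023:11:46:00 +0000] "GET /cgi-bin/luci/;stok=abc123/locale?country=DE HTTP/1.1" 200 12',
    '198.51.100.7 - - [25/Apr/2023:11:46:05 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Two hits from the same source in quick succession match the two-request sequence described above.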

Owners of the Archer AX21 AX1800 dual-band WiFi 6 router can download the latest firmware update for their device's hardware version from this webpage.

Signs of an infected TP-Link router include device overheating, internet disconnections, inexplicable changes to the device's network settings, and resetting of admin user passwords.


News URL

https://www.bleepingcomputer.com/news/security/tp-link-archer-wifi-router-flaw-exploited-by-mirai-malware/

Related Vulnerability

DATE: 2023-03-15
CVE: CVE-2023-1389
VULNERABILITY TITLE: Command Injection vulnerability in Tp-Link Archer Ax21 Firmware
RISK: 8.8 (low complexity)
tp-link, CWE-77

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
TP Link 442 16 97 106 115 334