New Condi malware builds DDoS botnet out of TP-Link AX21 routers
2023-06-20 21:06

A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 Wi-Fi routers to build an army of bots to conduct attacks.

Condi aims to enlist new devices to create a powerful DDoS botnet that can be rented to launch attacks on websites and services.

A new Fortinet report published today explains that Condi targets CVE-2023-1389, a high-severity unauthenticated command injection and remote code execution flaw in the API of the router's web management interface.

Condi is the second DDoS botnet to target this vulnerability after Mirai previously exploited it at the end of April.

Because more than one botnet targets the same devices, Condi has a mechanism that attempts to kill any processes belonging to known competitor botnets.

Regarding Condi's DDoS attack capabilities, the malware supports various TCP and UDP flood methods similar to those of Mirai.


News URL

https://www.bleepingcomputer.com/news/security/new-condi-malware-builds-ddos-botnet-out-of-tp-link-ax21-routers/

Related Vulnerability

DATE: 2023-03-15
CVE: CVE-2023-1389
VULNERABILITY TITLE: Command Injection vulnerability in Tp-Link Archer Ax21 Firmware
DESCRIPTION: TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface.
COMPLEXITY: low complexity
VENDOR / CWE: tp-link, CWE-77
RISK: 8.8
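The fixed release named in the CVE description (1.1.4 Build 20230219) can be turned into an inventory check. The following is an added example, not code from the article or from TP-Link; it assumes every inventory entry is an Archer AX21 and that firmware strings follow the "version Build YYYYMMDD" pattern used in the description. Hostnames and firmware strings in the sample are constructed.

```python
import re

# Fixed release taken from the CVE description above: 1.1.4 Build 20230219.
FIXED = ((1, 1, 4), 20230219)

# Matches "<dotted version> Build <8-digit date>", ignoring any trailing text.
_FW_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s+Build\s+(\d{8})\b", re.IGNORECASE)


def parse_firmware(text):
    """Return ((version parts...), build_date), or None if the string is unparseable."""
    m = _FW_RE.match(text or "")
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    return version, int(m.group(2))


def status(text):
    """Classify one firmware string against the fixed release."""
    parsed = parse_firmware(text)
    if parsed is None:
        return "unknown"  # never assume an unreadable version is patched
    # Tuple comparison: version first, build date breaks ties.
    return "vulnerable" if parsed < FIXED else "fixed"


def audit(inventory):
    """Group hosts by status; 'unknown' entries need manual review."""
    report = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, firmware in inventory.items():
        report[status(firmware)].append(host)
    return report


# Constructed sample inventory (assumed to contain only Archer AX21 units).
SAMPLE = {
    "ap-lobby": "1.1.3 Build 20221125 rel.00000(0000)",
    "ap-office": "1.1.4 Build 20230219 rel.00000(0000)",
    "ap-lab": "1.1.4 Build 20230101",
    "ap-guest": "firmware: n/a",
}

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```
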

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
TP Link 322 0 74 175 87 336