Security News > 2023 > June > New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 Wi-Fi routers to build an army of bots to conduct attacks.
Condi aims to enlist new devices to create a powerful DDoS botnet that can be rented to launch attacks on websites and services.
A new Fortinet report published today explains that Condi targets CVE-2023-1389, a high-severity unauthenticated command injection and remote code execution flaw in the API of the router's web management interface.
Condi is the second DDoS botnet to target this vulnerability after Mirai previously exploited it at the end of April.
To deal with the attack overlaps, Condi has a mechanism that attempts to kill any processes belonging to known competitor botnets.
Regarding Condi's DDoS attack capabilities, the malware supports various TCP and UDP flood methods similar to those of Mirai.
News URL
Related news
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services (source)
- Volt Typhoon rebuilds malware botnet following FBI disruption (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-15 | CVE-2023-1389 | Command Injection vulnerability in Tp-Link Archer Ax21 Firmware TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. | 8.8 |