Security News > 2025 > March > Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices
2025-03-11 12:30
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
News URL
https://thehackernews.com/2025/03/ballista-botnet-exploits-unpatched-tp.html
Related news
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
- Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-1389 | Command Injection vulnerability in Tp-Link Archer Ax21 Firmware TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. | 8.8 |