Botnets Swarm Exploited in TP-Link Archer Routers - 20240418003

Overview

TP-Link Archer AX21 (AX1800) contains a command injection vulnerability in the web management interface within the 'Country' field. An attacker can leverage this vulnerability to execute arbitrary code in the context of root with a simple POST.

What is vulnerable?

Product Affected	CVE	Severity	CVSS
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219	CVE-2023-1389	High	8.8

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

Additional References

• TP-Link Archer AX21 Command Injection (packetstormsecurity.com)
• Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800) (tenable.com)
• Old Vulnerability, New Attacks (securityonline.info)