Multiple Botnets Targeting TP-Link Routers Exploiting Year-Old Security Flaw

April 17, 2024

A security issue identified as CVE-2023-1389, affecting TP-Link Archer AX21 routers, has become the target of at least six different botnet malware operations. This high-severity flaw allows for unauthenticated command injection via the device's web management interface. The vulnerability was discovered by multiple researchers in early 2023 and was reported to TP-Link through the Zero-Day Initiative.

In response, TP-Link released firmware updates in March 2023 to address the issue. However, shortly after these security advisories were made public, proof-of-concept exploit code was released. This led to warnings from cybersecurity teams about several botnets, including three variants of Mirai and the Condi botnet, targeting devices that had not been updated.

Fortinet, a cybersecurity firm, recently reported a significant increase in malicious activity exploiting this vulnerability, tracing it back to six botnet operations. According to their telemetry data, daily infection attempts using CVE-2023-1389 have frequently exceeded 40,000 and sometimes reached up to 50,000 since March 2024. Each botnet employs different strategies and scripts to exploit the flaw, gain control over the vulnerable devices, and use them for malicious activities such as distributed denial of service (DDoS) attacks.

Despite TP-Link's security update in 2023, a substantial number of users are still using outdated firmware, as indicated by Fortinet's report. This leaves their TP-Link Archer AX21 routers vulnerable to attacks. Users are urged to follow the vendor's instructions for upgrading their firmware. In addition, they should replace the default admin passwords with unique and lengthy ones and disable web access to the admin panel if it is not necessary.
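Beyond patching, a network defender can watch the router's web management traffic for the kind of request this class of flaw depends on: a form parameter carrying shell metacharacters that the device's CGI layer will pass to a command. The script below is an added example written for this article and is not code from the original article, from Fortinet, or from TP-Link. It scans constructed access-log lines in a simplified Common Log Format, percent-decodes each query parameter, flags values containing command separators, pipes, backticks or `$( )` / `${ }` substitution, and tallies suspected attempts per source address so that the high request volumes reported above stand out. The request path `/cgi-bin/demo` and parameter `lang` are placeholders chosen for the example; they are not the actual CVE-2023-1389 endpoint, and the page does not name one.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (simplified Common Log Format).
# The request path and parameter name are placeholders chosen for this
# example; they are NOT the real CVE-2023-1389 request and are not claimed
# to match any actual TP-Link firmware endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Apr/2024:10:00:01 +0000] "GET /cgi-bin/demo?lang=en HTTP/1.1" 200 512
203.0.113.10 - - [17/Apr/2024:10:00:02 +0000] "GET /cgi-bin/demo?lang=%3Bid HTTP/1.1" 200 0
198.51.100.7 - - [17/Apr/2024:10:00:03 +0000] "GET /cgi-bin/demo?lang=%24%28id%29 HTTP/1.1" 200 0
192.0.2.20 - - [17/Apr/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.10 - - [17/Apr/2024:10:00:05 +0000] "GET /cgi-bin/demo?lang=en%7Cid HTTP/1.1" 200 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Shell metacharacters that have no business in a router web-UI parameter:
# command separators, pipes, backticks and $( ) / ${ } substitution.
INJECTION_RE = re.compile(r'[;|&`]|\$\(|\$\{')


def parse_log_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def has_injection_markers(value):
    """True if a percent-decoded parameter value contains shell metacharacters."""
    return INJECTION_RE.search(value) is not None


def scan_log(text):
    """Scan access-log text and return suspected command-injection attempts."""
    findings = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue  # unparseable line; a real deployment would count these
        # parse_qsl percent-decodes values, so %3B becomes ';' before matching.
        query = urlsplit(rec["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if has_injection_markers(value):
                findings.append(
                    {"ip": rec["ip"], "ts": rec["ts"], "param": name, "value": value}
                )
    return findings


def attempts_by_source(findings):
    """Count suspected attempts per source IP."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} param={h["param"]!r} value={h["value"]!r}')
    print(attempts_by_source(hits).most_common())
```

Decoding before matching matters: botnet scripts routinely percent-encode the separators, so a rule that looks for a literal `;` in the raw request line misses `%3B`. Matching on the decoded value also keeps the rule independent of which parameter a given firmware happens to mishandle, which is useful when, as here, several botnets hit the same flaw with different request templates. On a production router log the per-source counts would feed a threshold alert rather than a print statement.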
