Intrusion PreventionTP-Link.Archer.AX21.Unauthenticated.Command.Injection
Description
This indicates an attack attempt to exploit an Unauthenticated Command Injection Vulnerability in TP-Link Archer AX21 (AX1800).
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.
Outbreak Alert
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contains a command injection vulnerability in the web management interface specifically in the "Country" field. There is no sanitization of this field, so an attacker can exploit it for malicious activities and gain foothold. The vulnerability has been seen to be exploited in the wild to deploy Mirai botnet.
Affected Products
TP-Link Archer AX21 (AX1800) Version 1.1.4 Build 20230219 or prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-01-23 | 26.720 | Sig Added |
| 2023-04-03 | 23.526 | Default_action:pass:drop |
| 2023-03-23 | 23.519 |
| ID | 52742 |
| Created | Mar 15, 2023 |
| Updated | Jan 23, 2024 |
| Outbreak Alert | TP-Link Archer AX-21 Command Injection |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2023-1389 |
| Known Exploited | Yes |
| Exploit Prediction Score | 6.88% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |