TP-Link Archer AX-21 Command Injection Attack
Wifi Router vulnerability actively exploited
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contain a command injection vulnerability in the web management interface, specifically in the "Country" field. The field is not sanitized, so an attacker can exploit it for malicious activities and gain a foothold on the device. The vulnerability has been exploited in the wild to deploy the Mirai botnet.
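As an added illustration that is not part of this alert or of TP-Link's firmware, the following Python sketch shows a hardened handler for a locale-style "Country" setting: it allowlists the value and passes it as an argv element so no shell ever parses it, and it includes a defender-side check that flags values a shell would parse differently. The helper script path, the country allowlist and the field semantics are assumptions.

```python
import re
import shlex
import subprocess
from typing import List

# Constructed allowlist of ISO 3166-1 alpha-2 codes (assumption: real firmware
# would carry the full list); anything outside it is rejected outright.
ALLOWED_COUNTRIES = {"US", "CA", "GB", "DE", "FR", "JP"}
COUNTRY_RE = re.compile(r"^[A-Z]{2}$")

# Hypothetical helper the setting is handed to; not a real firmware path.
SET_REGION = "/sbin/set_region.sh"


def validate_country(country: str) -> bool:
    """Accept only a two-letter uppercase code that is on the allowlist."""
    return bool(COUNTRY_RE.fullmatch(country)) and country in ALLOWED_COUNTRIES


def build_safe_argv(country: str) -> List[str]:
    """Hardened handler: reject anything off the allowlist, then build an
    argv list so the value is a single argument and never shell-interpreted."""
    if not validate_country(country):
        raise ValueError("invalid country code")
    return [SET_REGION, country]


def apply_country(country: str, run=subprocess.run) -> int:
    """Apply the setting with shell=False; `run` is injectable for testing."""
    argv = build_safe_argv(country)
    return run(argv, shell=False, check=False).returncode


def looks_injected(country: str) -> bool:
    """Defender-side check for log review or WAF logic: True when the value
    would not survive shell parsing as exactly one plain word."""
    meta = set(";|&$`<>()\n\"'\\")
    try:
        tokens = shlex.split(country)
    except ValueError:  # unbalanced quotes etc.
        return True
    return len(tokens) != 1 or any(c in meta for c in country)
```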
Common Vulnerabilities and Exposures
Background
TP-Link is one of the global providers of WLAN devices, and the Archer AX21 is a Wi-Fi router that has been used in attacks to deploy the Mirai botnet. Previously we have seen Mirai-based botnet attacks on various other IoT devices and routers from other brands. In February 2023, FortiGuard Labs released a report on active attacks on vulnerable routers from other brands such as D-Link, DSAN and Netgear. See Additional Resources for the full report.
Threat Radar Overall Score: 3.2
CVSS Rating: 8.0
FortiRecon Score: 79/100
Known Exploited: Yes
Exploit Prediction Score: 6.88%
FortiGuard Telemetry: 75717
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
April 27, 2023: TP-Link released a security advisory.
https://www.tp-link.com/us/support/faq/3643/
May 1, 2023: CISA added CVE-2023-1389 to its Known Exploited Vulnerabilities (KEV) catalog.
May 09, 2023: FortiGuard Labs released a Threat Signal on the vulnerability.
https://www.fortiguard.com/threat-signal-report/5157
FortiGuard observed active attack attempts trying to exploit the TP-Link vulnerability (CVE-2023-1389). Fortinet customers remain protected by the IPS signature, and FortiGuard recommends that organizations review the affected versions of the TP-Link firmware and apply the patches recommended by the vendor as soon as possible.
https://www.tp-link.com/ca/support/download/archer-ax21/v3/
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Detects and blocks known malware related to the TP-Link Archer vulnerability (CVE-2023-1389)
- AV (Pre-filter): Detects and blocks known malware related to the TP-Link Archer vulnerability (CVE-2023-1389)
- IPS: Detects and blocks attack attempts related to the TP-Link Archer vulnerability (CVE-2023-1389)
- IOC
- Outbreak Detection
- Threat Hunting
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- Automated Response: Services that can automatically respond to this outbreak.
- FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.