|What is TP-Link Archer AX21 (AX1800)?||TP-Link Archer AX21 (AX1800) is a line of consumer-oriented Wi-Fi routers.|
|What is the attack?||A command injection vulnerability exists in TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 that allows an unauthenticated attacker to inject commands and obtain root access via a POST request. The issue has been assigned CVE-2023-1389. The vulnerability has a CVSS base score of 8.8 and is rated HIGH.|
|Why is this significant?||
This is significant because attackers have reportedly started to exploit CVE-2023-1389 in real time attacks. Furthermore, proof-of-concept (PoC) code is publicly available, and various reports have stated that the Mirai malware was deployed to vulnerable TP-Link Archer AX21 devices. CISA added the vulnerability to their Known Exploited Vulnerabilities (KEV) catalog on May 1st, 2023. As such, patches should be applied as soon as possible.
|What is the vendor solution?||According to the TP-Link Advisory, The Archer AX21, if linked to a TP-Link ID, will automatically receive update notifications in the web administration interface and Tether application. TP-Link strongly recommends that you download and update to the latest firmware for this product model as soon as possible.|
|What FortiGuard Coverage is available?|
FortiGuard Labs has AV and IPS signatures in place to detect exploitation attempts of CVE-2023-1389. For a full comprehensive lists of protections from FortiGuard Labs, please visit the Outbreak Alert page for further details.
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contains a command injection vulnerability in the web management interface specifically in the "Country" field. There is no sanitization of this field, so an attacker can exploit it for malicious activities and gain foothold. The vulnerability has been seen to be exploited in the wild to deploy Mirai botnet.