TP-Link routers targeted by Mirai botnet once again, US government warns2023-05-03 17:35 by Daniela
Tags: TP-Link, Mirai, Archer AX21
The United States Cybersecurity and Infrastructure Security Agency (CISA) is warning businesses to patch TP-Link routers which are being actively targeted by malicious actors looking to recruit them into the Mirai botnet. The affected router is TP-Link Archer AX21.
The TP-Link router exploit was first detected at the Pwn2Own Toronto hacking event last December, where two different teams were able to breach the device using the LAN and WAN interfaces. The issue was reported to TP-Link in January and the company released a patch for it last month.
The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CVE-2023-1389 – lurks in device firmware prior to version 1.1.4 Build 20230219, which addresses the issue. An unauthorized attacker can exploit this hole to inject commands that could lead to remote code execution (RCE), enabling the intruder to take control of the device from across the network or internet.
Operators of the Mirai botnet are known for quickly exploiting vulnerabilities in IoT devices, so it's not a major surprise for researchers that they have been able to start targeting the latest flaw so soon after it was disclosed publicly. Either way, applying the patch is the only way to mitigate the vulnerability, so all TP-Link Archer AX21 owners should do it as soon as possible to prevent any possible security risk.
Read more -here-