Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

April 17, 2024 at 09:09AM

Six botnet malware operations target TP-Link Archer AX21 routers vulnerable to CVE-2023-1389, a high-severity command injection flaw. Discovered in January 2023, it was fixed by TP-Link in March 2023. Mirai variants, “Condi,” and botnets like Moobot and Miori exploit the vulnerability for DDoS attacks. Users are urged to update firmware and secure admin passwords.

Key takeaways from the article:

– A high-severity unauthenticated command injection flaw, CVE-2023-1389, was reported and addressed by TP-Link in March 2023, but multiple botnet operations are targeting TP-Link Archer AX21 routers vulnerable to this issue.

– Cybersecurity teams have warned about multiple botnets, including Mirai variants, “Condi,” “AGoent,” and a Gafgyt variant, targeting unpatched devices and exploiting the vulnerability.

– Fortinet has observed a surge in malicious activity exploiting the vulnerability, originating from six botnet operations, with infection attempts often exceeding 40,000 per day.

– Each botnet utilizes different methods and scripts to exploit the vulnerability and engage in malicious activities such as distributed denial of service (DDoS) attacks.

– Despite the release of a security update by TP-Link last year, a significant number of users continue to use outdated firmware, making them vulnerable to these attacks.

– TP-Link Archer AX21 (AX1800) router users are advised to follow the vendor’s firmware upgrading instructions, change default admin passwords, and disable web access to the admin panel if not needed.

These takeaways highlight the urgency for users to update their firmware, implement strong passwords, and take additional security measures to protect against these botnet operations targeting the CVE-2023-1389 vulnerability.
