"Multiple Botnets Exploiting One-Year-Old TP-Link Flaw to Hack Routers"

At least six different botnet malware operations are seeking TP-Link Archer AX21 (AX1800) routers that are vulnerable to a command injection security flaw. The flaw, tracked as CVE-2023-1389, is a high-severity unauthenticated command injection vulnerability in the locale Application Programming Interface (API) reachable via the TP-Link Archer AX21 web management interface. Researchers discovered it in January 2023 and notified the vendor through the Zero-Day Initiative (ZDI). TP-Link addressed the issue by releasing firmware security updates in March 2023. Following the release of advisories, Proof-of-Concept (PoC) exploit code emerged. This article continues to discuss the exploitation of a one-year-old TP-Link flaw by different botnets to hack routers.

Bleeping Computer reports "Multiple Botnets Exploiting One-Year-Old TP-Link Flaw to Hack Routers"

Submitted by grigby1
