TP-Link Archer AX21 (AX1800) firmware versions prior to 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated malicious user to inject commands, which would be run as root, with a simple POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tp-link archer_ax21_firmware |
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers By Bill Toulas April 17, 2024 09:03 AM 0 At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. Tracked as CVE-2023-1389, the flaw is a high-severity unauthenticated command injection problem in the locale API reachable through the TP-Link Archer AX21 web management interface. Several researcher...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources With 13 new payloads it's the biggest update to the botnet in months
The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "aggressively updated arsenal of exploits." It's the first major update to the IZ1H9 Mirai variant in months and arrives bolstered with tools to break into devices from D-Link and Zyxel, among others. Researchers at FortiGuard Labs, a team within security vendor Fortinet, said they spotted activity peaking in September, with some devices experiencing tens of thousands of attempts at break-ins ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources One affects VMware's monitoring tool and the other TP-Link routers
Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers. VMware two weeks ago issued a fix for CVE-2023-20887, a critical command-injection vulnerability in Aria Operations for Networks that can be abused to achieve remote code execution. Meanwhile, TP-Link patched CVE-2023-1389 in mid-March. This is another command-injection vulnerability that can lead to remote code execution. ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs
The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...