The flaw was discovered by several researchers in January 2023 and reported to the vendor through the Zero-Day Initiative (ZDI)¹. TP-Link addressed the problem with the release of firmware security updates in March 2023¹. However, despite the vendor's release of a security update last year, a significant number of users continue to use outdated firmware¹.
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to this security issue¹. These botnets include Moobot, Miori, AGoent, a Gafgyt variant, and variants of the infamous Mirai botnet⁴. Each of these botnets utilizes different methods and scripts to exploit the vulnerability, establish control over the compromised devices, and command them to take part in malicious activities such as distributed denial of service (DDoS) attacks¹.
Recently, Fortinet issued a warning saying that it observed a surge in the malicious activity exploiting the vulnerability, noting that it originated from six botnet operations¹. Fortinet's telemetry data shows that starting in March 2024, daily infection attempts leveraging CVE-2023-1389 often went beyond 40,000 and up to 50,000¹.
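The telemetry figures above are the kind of signal a defender would want to watch for automatically. The following is an added example, not code from the article or from Fortinet: it aggregates intrusion-prevention hits for a given CVE per day and per distinct source, and flags days whose volume crosses a threshold. The key=value log format, the signature name and the sample lines are all constructed for illustration and do not represent any vendor's real event format.

```python
"""Daily surge detection for IPS signature hits against one CVE.

Added example, not code from the article or from Fortinet. The key=value
line format below is an assumption for illustration only; it is not any
vendor's real log format. All sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import date

# Assumed log format (constructed): date=YYYY-MM-DD sig="..." cve=... src=...
LINE_RE = re.compile(
    r'date=(?P<date>\d{4}-\d{2}-\d{2})\s+'
    r'sig="(?P<sig>[^"]+)"\s+'
    r'cve=(?P<cve>\S+)\s+'
    r'src=(?P<src>\S+)'
)

# Hypothetical signature name, used only to build the constructed sample.
SIG_NAME = "Example.Router.Command.Injection"


def make_constructed_logs(day, count, cve="CVE-2023-1389"):
    """Build `count` constructed log lines for one day, each from a distinct
    source in the TEST-NET-3 documentation range (203.0.113.0/24)."""
    return [
        f'date={day.isoformat()} sig="{SIG_NAME}" cve={cve} src=203.0.113.{i % 254 + 1}'
        for i in range(count)
    ]


# Constructed sample: a quiet baseline followed by one day of heavy activity.
SAMPLE_LOGS = (
    make_constructed_logs(date(2024, 3, 10), 3)
    + make_constructed_logs(date(2024, 3, 11), 5)
    + make_constructed_logs(date(2024, 3, 12), 60)
    # Unrelated signature on the same day; must not be counted for our CVE.
    + make_constructed_logs(date(2024, 3, 12), 7, cve="CVE-0000-0000")
)


def parse_line(line):
    """Return a dict for a well-formed line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "date": date.fromisoformat(m["date"]),
        "sig": m["sig"],
        "cve": m["cve"],
        "src": m["src"],
    }


def daily_counts(lines, cve):
    """Map each day to (total attempts, distinct source addresses) for `cve`.
    Malformed lines and other CVEs are skipped."""
    attempts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["cve"] != cve:
            continue
        attempts[rec["date"]] += 1
        sources[rec["date"]].add(rec["src"])
    return {d: (attempts[d], len(sources[d])) for d in attempts}


def surge_days(lines, cve, threshold):
    """Days on which attempts for `cve` exceed `threshold`, oldest first.
    The article reports daily attempts beyond 40,000; the sample here is
    scaled down, so callers pass a matching smaller threshold."""
    return sorted(d for d, (n, _) in daily_counts(lines, cve).items() if n > threshold)


if __name__ == "__main__":
    for d, (n, srcs) in sorted(daily_counts(SAMPLE_LOGS, "CVE-2023-1389").items()):
        print(f"{d}: {n} attempts from {srcs} distinct sources")
    print("surge days:", surge_days(SAMPLE_LOGS, "CVE-2023-1389", threshold=40))
```

Counting distinct sources alongside raw attempts helps separate a genuine botnet surge (many sources) from a single noisy scanner; the threshold would be tuned against the environment's own baseline rather than taken from the article's figures.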
The continued exploitation of this year-old vulnerability highlights the importance of regular firmware updates and the need for users to ensure their devices are not left vulnerable to such attacks.
References
(1) Multiple botnets exploiting one-year-old TP-Link flaw to hack routers. https://www.bleepingcomputer.com/news/security/multiple-botnets-exploiting-one-year-old-tp-link-flaw-to-hack-routers/.
(2) Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers. https://heimdalsecurity.com/blog/tp-link-archer-command-injection-vulnerability/.
(3) TP-Link routers are still being bombarded with botnet and malware threats. https://www.msn.com/en-ae/news/other/tp-link-routers-are-still-being-bombarded-with-botnet-and-malware-threats/ar-AA1ngnaf.
(4) Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks. https://www.darkreading.com/ics-ot-security/various-botnets-pummel-tp-link-flaw-iot-attacks.