A new Mirai botnet variant targets TP-Link Archer A21

1 year ago
April 25, 2023
0 replies
4 views

+54

Jasper_The_Rasper
Moderator
11535 replies

April 25, 2023 By Pierluigi Paganini

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks.

Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers.

The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router. The root cause of the problem is the lack of input sanitization in the locale API that manages the router’s language settings. A remote attacker can trigger the issue to inject commands that should be executed on the device.

>> Full Article <<

Be the first to reply!

April 25, 2023 By Pierluigi Paganini

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks.

Reply

Related Topics

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability

Mirai DDoS malware variant expands targets with 13 router exploits

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits

Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded