Mirai botnet exploits CVE-2023-1389 to add TP-Link Archer A21 (AX1800) routers to DDoS attacks. During the Pwn2Own Toronto event in December 2022, two hacking teams exploited the vulnerability in different ways via:-
In January 2023, the flaw was unveiled to TP-Link, and just after the report, TP-Link released a new firmware update with the fix last month.
Mirai botnet has updated its toolkit to include CVE-2023-1389, as observed by the ZDI threat-hunting team detecting new exploit attempts in Eastern Europe via their telemetry system.
This vulnerability is an unauthenticated command injection vulnerability, and it has been identified in the web management interface’s locale API.
Successful exploitation of this flaw enables users to specify the form they want to call via the query string form and an operation, which is typical:-
or
Cyber attackers can exploit the flaw by incorporating a command payload as part of the country parameter and subsequently initiating a second request to activate the command.
On April 11, 2023, the initial indications of in-the-wild exploitation surfaced, and since then, malicious activity has been identified globally.
Mirai malware botnet now uses the vulnerability to compromise the devices, and then subsequently, it procures the device into its botnet by downloading the suitable binary payload for the router’s architecture.
The current version of Mirai concentrates on DDoS attacks, particularly on game servers. It can target Valve Source Engine (VSE) and possesses features that reflect this focus.
This new malware version can replicate authentic network traffic, making it challenging for DDoS mitigation solutions to detect malicious traffic.
For identification or detection, here below, we have mentioned the common signs of an infected TP-Link router:-
On February 24, 2023, TP-Link took steps to address the issue at hand. Unfortunately, the company’s solution was inadequate and failed to prevent further exploitation.
But, on March 14, 2023, the company released a firmware update with the patch to fix CVE-2023-1389, and here below, we have mentioned the updated version:-
If you are a user of the Archer AX21 AX1800 dual-band WiFi 6 router, then can download the latest firmware update from their official update page.
Building Your Malware Defense Strategy – Download Free E-Book
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…