Experts have detected a high-severity security flaw in certain TP-Link Wi-Fi routers (opens in new tab) that’s currently being used to hijack the devices and recruit them into a vast botnet that would later be used for Distributed Denial of Service (DDoS) attacks.
A report from the Zero Day Initiative (ZDI), a program created to encourage the reporting of zero-day vulnerabilities privately to the affected vendors found that since mid-April this year, threat actors started abusing CVE-2023-1389, a high-severity flaw found in TP-Link Archer A21 (AX1800) Wi-Fi routers.
The flaw, carrying a severity score of 8.8, is described as an unauthenticated command injection flaw in the locale API of the web management interface on the device.
Mirai expanding
Hackers are using the flaw to deploy the Mirai malware, ZDI further states, which turns the targeted device into a bot for the Mirai botnet. They first targeted routers in Eastern Europe earlier this month, only to expand globally later on.
TP-Link was tipped off on the existence of the zero-day in January this year, after two separate research groups demonstrated how to abuse the flaw during the Pwn2Own Toronto hacking event in December 2022. The company first tried to fix the issue in late February, but the patch was incomplete and the devices remained vulnerable.
Last month, however, TP-Link issued a new firmware update that successfully addressed CVE-2023-1389. IT admins and owners of the Archer AX21 AX1800 Wi-Fi router should make sure their device’s hardware is updated at least to version 1.1.4 Build 20230219.
Some of the symptoms of a compromised router include frequent disconnections from the internet, changes on the device’s network settings that no one seems to have made, the resetting of administrator credentials, and the inexplicable overheating of the router.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba