
CISA Warns About Mirai Botnet Exploit on Some TP-Link Routers

TheLostSwede

Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry-level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and affects all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.



 
Ah ha, the Toilet Paper guys massively fail AGAIN, hehehe :)
 
tough luck, I switched my parents' TP-Link to OpenWRT
 
tough luck, I switched my parents' TP-Link to OpenWRT
Yeah, I have a couple of older TP-Link devices on OpenWRT as well.
In fact, the range extender died on the TP-Link firmware, but has worked another 2-3 years on OpenWRT...
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wish their customers good luck.
 
Users who have linked their router to a TP-Link cloud account and allow for automatic updates

yeah that sounds like a great feature haha.

Stopped buying \ using TP Link products a long time ago.
 
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wish their customers good luck
hence my comment above :D
 
But this only applies when the router is directly connected to the WAN / Internet, right? And not another model/router combi in between.
 
Stopped looking at TP-Link as an option after they were found leaking information to a third party last year. Trust them as much as Huawei. But I didn't know they can run OpenWRT.
 
So only the AX-21 then? That is one model. I run a mix of Asus, Toilet Paper Link and Totolink, the trick is to keep them up to date.

Despite being a 7-year-old DSL/fibre router, the Asus still got a security update recently.
 