The CVE-2023-1389 vulnerability was discovered in January 2023 and allowed commands to be executed through the web management interface of TP-Link Archer AX21 (AX1800) series routers. However, the company quickly fixed the vulnerability.
But six botnets are still attacking TP-Link routers simultaneously, trying to compromise the interface. There can be up to 40-50 thousand attacks per day. The challenge is that each botnet operator uses its own mechanisms and scripts to exploit the vulnerability.
For example, the AGoent botnet runs scripts to exploit ELF files and a remote server and deletes these files to cover its tracks after a DDoS attack.
SEQ information security expert Anastasia Melnikova commented on the situation. According to her, it is important that routers support automatic firmware updates. “Routers and other network equipment are often the most neglected equipment,” the expert said. And if these mechanisms are missing or not enabled, routers become “delicious bait for all kinds of botnets that will use them for a variety of malicious activities such as forwarding spam or DDoS attacks.”
Source: Ferra
