Critical TP-Link Flaw Under Attack: Update Now

Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks.

The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at the Pwn2Own event in Toronto in December 2022 and was patched in March 2023. The flaw affects the widely used TP-Link Archer AX21 model, which has long been a target for botnet operators.

Fortinet has observed numerous attacks exploiting this vulnerability, including the deployment of Mirai and Condi botnet malware. This malicious code enables hackers to gain control over devices to carry out DDoS attacks.

In April 2023, it emerged that cybercriminals had exploited the same vulnerability to attack TP-Link routers, predominantly located in Eastern Europe, and incorporate them into the Mirai botnet.

Experts urge users to remain vigilant about DDoS botnets and to apply patches promptly, both to protect their network environments from infection and to prevent their routers from becoming part of these botnets.