Heimdal
Home > Cybersecurity News

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

Sysadmins Urged to Apply Year-Old Available Patch and Protect Infrastructure.

Last updated on April 17, 2024

article featured image

Contents:

Researchers observed a rise in daily infection attempts leveraging old TP-Link Archer Command Injection Vulnerability.

Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 – 50,000 during the month.

botnets attempts to exploit tp-link archer routers

Source – Bleeping Computer

The vendor released a patch for CVE-2023-1389 in March 2023. Last year it was one of the most exploited vulnerabilities, yet there are still unpatched devices out there.

Why is the TP-Link Archer command injection vulnerability dangerous?

Postponing or overlooking patching tasks turns TP-Link Archer routers vulnerable. The TP-Link Archer Command Injection Vulnerability got an 8.8 CVSS score, which means high severity.

By exploiting CVE-2023-1389 hackers can execute code remotely on the compromised devices.

Researchers say the six botnets they`ve observed use different techniques and scripts to exploit the CVE and compromise the routers. Most of the times, the attackers use victim devices for

  • distributed denial of service (DDoS)
  • brute force attacks

The six botnets that tried lately to exploit the TP-Link Archer Command Injection Vulnerability are:

  • AGoent
  • Gafgyt
  • Moobot
  • Miori
  • Mirai
  • Condi

How to protect TP-Link Archer routers against botnets

If you didn`t apply the patch for CVE-2023-1389, do it now. The patch management process is redundant and time-consuming. Also, prioritizing vulnerabilities can be complicated.

But the risks are too high to ignore, says Mikkel Pedersen, Cybersecurity Speaker & Community Leader:

not patching, leaving software vulnerable, is the same as leaving your front door unlocked. It’s an open invitation for everyone to get in and take what they want.

You can pay and buy all the tools you want. An antivirus, endpoint detection, firewalls, and everything else out there, but if you don’t patch, you’re just throwing money into a big hole and still leaving the front door unlocked.

To keep up with the variety of software that needs updating, use an automated patch management solution. Top patch management software will help close vulnerabilities faster and take the pressure off the IT team.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

Main Types of Patch Management Solutions: A Decision-Making GuideThe 7 Key Steps of the Effective Patch Management ProcessBest Patch Management Software & Tools 2024Automated Patch Management Explained: Definition, Benefits, Best Practices & MoreWhy Organizations Struggle With Vulnerability Management?Vulnerabilities in TP-Link IoT Devices Can Get You HackedTP-Link High-Severity Flaw Added to Mirai Botnet ArsenalSix Patch Management Best Practices [Updated 2024]What Is a CVE? Common Vulnerabilities and Exposures Explained

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V