Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and is affecting all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.