CISA Warns About Mirai Botnet Exploit on Some TP-Link Routers

TheLostSwede · May 3, 2023

Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and is affecting all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.

View at TechPowerUp Main Site | Source

bonehead123 · May 3, 2023

Ah ha, the Toilet Paper guys massively fail AGAIN, hehehe

Verpal · May 3, 2023

Mirai botnet? Its still online? How many years has it been?

TheLostSwede · May 3, 2023

Verpal said:
Mirai botnet? Its still online? How many years has it been?

Apparently. Coming up on seven years it seems.

zmeul · May 3, 2023

tough luck, I switched my parents' TP-Link to OpenWRT

TheLostSwede · May 3, 2023

zmeul said:
tough luck, I switched my parents' TP-Link to OpenWRT

Yeah, I have a couple of older TP-Link devices on OpenWRT as well.
In fact, the range extender died on the TP-Link firmware, but has worked another 2-3 years on OpenWRT...
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wishes their customers good luck.

AsRock · May 3, 2023

Users who have linked their router to a TP-Link cloud account and allow for automatic updates

yeah that sounds like a great feature haha.

Stopped buying \ using TP Link products a long time ago.

bonehead123 · May 3, 2023

TheLostSwede said:
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wishes their customers good luck

hence my comment above

Jism · May 3, 2023

But this only applies, when the router is directly connected to the WAN / Internet right? And not another model/router combi in between.

Makaveli · May 3, 2023

bonehead123 said:
Ah ha, the Toilet Paper guys massively fail AGAIN, hehehe

I agree a pretty shi**y situation for them.

Minus Infinity · May 4, 2023

Stopped looking at TP_link as an option after they were found leaking information to a third party last year. Trust them as much as Huawei. But I didn't know they can run OpenWRT.

Rouxenator · May 5, 2023

So only the AX-21 then? That is one model. I run a mix of Asus, Toilet Paper Link and Totolink, the trick is to keep them up to date.

Despite being a 7 year old DSL/fibre router the Asus still got a security update recently.

System Name	Overlord Mk MLI
Processor	AMD Ryzen 7 7800X3D
Motherboard	Gigabyte X670E Aorus Master
Cooling	Noctua NH-D15 SE with offsets
Memory	32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s)	Gainward GeForce RTX 4080 Phantom GS
Storage	1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s)	Acer XV272K LVbmiipruzx 4K@160Hz
Case	Fractal Design Torrent Compact
Audio Device(s)	Corsair Virtuoso SE
Power Supply	be quiet! Pure Power 12 M 850 W
Mouse	Logitech G502 Lightspeed
Keyboard	Corsair K70 Max
Software	Windows 10 Pro
Benchmark Scores	https://valid.x86.fr/yfsd9w

System Name	The Little One
Processor	i5-11320H @4.4GHZ
Motherboard	AZW SEI
Cooling	Fan w/heat pipes + side & rear vents
Memory	64GB Crucial DDR4-3200 (2x 32GB)
Video Card(s)	Iris XE
Storage	WD Black SN850X 4TB m.2, Seagate 2TB SSD + SN850 4TB x2 in an external enclosure
Display(s)	2x Samsung 43" & 2x 32"
Case	Practically identical to a mac mini, just purrtier in slate blue, & with 3x usb ports on the front !
Audio Device(s)	Yamaha ATS-1060 Bluetooth Soundbar & Subwoofer
Power Supply	65w brick
Mouse	Logitech MX Master 2
Keyboard	Logitech G613 mechanical wireless
Software	Windows 10 pro 64 bit, with all the unnecessary background shitzu turned OFF !
Benchmark Scores	PDQ

System Name	Overlord Mk MLI
Processor	AMD Ryzen 7 7800X3D
Motherboard	Gigabyte X670E Aorus Master
Cooling	Noctua NH-D15 SE with offsets
Memory	32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s)	Gainward GeForce RTX 4080 Phantom GS
Storage	1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s)	Acer XV272K LVbmiipruzx 4K@160Hz
Case	Fractal Design Torrent Compact
Audio Device(s)	Corsair Virtuoso SE
Power Supply	be quiet! Pure Power 12 M 850 W
Mouse	Logitech G502 Lightspeed
Keyboard	Corsair K70 Max
Software	Windows 10 Pro
Benchmark Scores	https://valid.x86.fr/yfsd9w

Processor	Intel i7 13700K
Motherboard	ASUS PROArt Z690 Creator WiFi
Cooling	Liquid Freezer II - 280
Memory	Kingston 32GB DDR5 @ 6200 MT/s
Video Card(s)	Palit RTX3070 GamingPRO
Storage	TrueNAS CORE
Case	Phanteks ECLIPSE P600S
Audio Device(s)	Creative Sound Blaster AE-5
Power Supply	SEASONIC CONNECT 750W

System Name	Overlord Mk MLI
Processor	AMD Ryzen 7 7800X3D
Motherboard	Gigabyte X670E Aorus Master
Cooling	Noctua NH-D15 SE with offsets
Memory	32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s)	Gainward GeForce RTX 4080 Phantom GS
Storage	1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s)	Acer XV272K LVbmiipruzx 4K@160Hz
Case	Fractal Design Torrent Compact
Audio Device(s)	Corsair Virtuoso SE
Power Supply	be quiet! Pure Power 12 M 850 W
Mouse	Logitech G502 Lightspeed
Keyboard	Corsair K70 Max
Software	Windows 10 Pro
Benchmark Scores	https://valid.x86.fr/yfsd9w

CISA Warns About Mirai Botnet Exploit on Some TP-Link Routers

TheLostSwede

News Editor

bonehead123

Verpal

TheLostSwede

News Editor

zmeul

TheLostSwede

News Editor

AsRock

TPU addict

bonehead123

Jism

Makaveli

Minus Infinity

Rouxenator

New Member

System Name	The Expanse
Processor	AMD Ryzen 7 5800X3D
Motherboard	Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling	Corsair H150i Pro
Memory	32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s)	XFX Radeon RX 7900 XTX Magnetic Air (24.10.1)
Storage	WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s)	LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case	Fractal Design Meshify S2
Audio Device(s)	Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply	Corsair AX850 Titanium
Mouse	Corsair Dark Core RGB SE
Keyboard	Corsair K100
Software	Windows 10 Pro x64 22H2
Benchmark Scores	3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d