
CISA Warns About Mirai Botnet Exploit on Some TP-Link Routers

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,593 (2.40/day)
Location
Sweden
Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators, and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE). The TP-Link router that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry-level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and affects all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as that version is said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but other parts of the world aren't being spared from attacks by now either. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.



 
Joined
Oct 18, 2013
Messages
6,184 (1.53/day)
Location
Over here, right where you least expect me to be !
Ah ha, the Toilet Paper guys massively fail AGAIN, hehehe :)
 

Joined
Nov 6, 2014
Messages
114 (0.03/day)
tough luck, I switched my parents' TP-Link to OpenWRT
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,593 (2.40/day)
Location
Sweden
tough luck, I switched my parents' TP-Link to OpenWRT
Yeah, I have a couple of older TP-Link devices on OpenWRT as well.
In fact, the range extender died on the TP-Link firmware, but has worked another 2-3 years on OpenWRT...
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wish their customers good luck.
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
19,079 (3.00/day)
Location
UK\USA
Users who have linked their router to a TP-Link cloud account and allow for automatic updates

yeah that sounds like a great feature haha.

Stopped buying \ using TP Link products a long time ago.
 
Joined
Oct 18, 2013
Messages
6,184 (1.53/day)
Location
Over here, right where you least expect me to be !
I wouldn't recommend anyone using TP-Link hardware that faces the internet, as this is far from the first time they've had major security holes in their products.
They also don't provide firmware updates for more than a year until they switch to a new hardware revision and wish their customers good luck
hence my comment above :D
 
Joined
Dec 30, 2010
Messages
2,198 (0.43/day)
But this only applies when the router is directly connected to the WAN / Internet, right? And not another modem/router combi in between.
 
Joined
May 3, 2018
Messages
2,881 (1.20/day)
Stopped looking at TP-Link as an option after they were found leaking information to a third party last year. Trust them as much as Huawei. But I didn't know they can run OpenWRT.
 

Rouxenator

New Member
Joined
Mar 23, 2022
Messages
5 (0.01/day)
So only the AX-21 then? That is one model. I run a mix of Asus, Toilet Paper Link and Totolink, the trick is to keep them up to date.

Despite being a 7 year old DSL/fibre router the Asus still got a security update recently.
 