Old Vulnerability, New Attacks: Botnets Swarm Exploited CVE-2023-1389 in TP-Link Routers

TP-Link Routers Vulnerability
Condi’s attacking methods

Cybersecurity experts at FortiGuard Labs are sounding the alarm about a wave of attacks targeting a known vulnerability in TP-Link Archer AX21 routers. Despite a year-old fix, hackers are exploiting unpatched devices, fueling the growth of dangerous botnets. These botnets include notorious names like Moobot, Mirai, and others, each specializing in different malicious activities.

The Vulnerability: CVE-2023-1389

At the core of the attacks lies a security flaw labeled CVE-2023-1389. This vulnerability, found in the TP-Link Archer AX21’s web management interface, allows hackers to inject malicious code without needing the router’s password. Think of it as a backdoor left unlocked.

Botnets: Turning Your Router into a Hacker’s Weapon

Condi’s attacking methods

Once a router is infected, it essentially becomes a mindless soldier in the hacker’s botnet army. FortiGuard Labs researchers analyzed several key players:

  • AGoent: This malware establishes a secret link with its command-and-control server, reporting randomly generated usernames and passwords created on the compromised router.
  • Gafgyt Variant: This botnet focuses on Distributed Denial of Service (DDoS) attacks, flooding websites or entire networks with overwhelming amounts of fake traffic intended to crash them.
  • Moobot & Mirai Variants: These botnets specialize in spreading the infection to even more devices and can then launch various attacks as directed by cybercriminals.
  • Condi: This malware is designed to disrupt the systems it infects, deleting critical shutdown functions and monitoring to kill security software. It has recently been updated with even more potent attack methods.

Protect Yourself: Urgent Steps

  1. Patch Immediately: If you own a TP-Link Archer AX21, check TP-Link’s official support site for firmware updates and apply them right away.
  2. Strong Passwords: Use complex, unique passwords for your router’s admin panel. Avoid default passwords at all costs.
  3. Security Basics: Keep all your devices (computers, phones, smart appliances) updated with the latest security patches. Disable remote management features on your router unless you absolutely need them.
  4. Consider Advanced Protection: A reputable firewall or security software suite adds another layer of defense to your home network.

The Ongoing Battle

Users should be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection, preventing them from becoming bots for malicious threat actors,” says FortiGuard Labs expert.