Actively exploited vulnerability

CVE-2023-1389: TP-Link Archer AX-21 Command Injection Vulnerability

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.

CISA KEV source 1 May 2023 added 22 May 2023 remediation due

Affected product

TP-Link ยท Archer AX21

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2023-1389.

Bleeping Computer25 Apr 2023

TP-Link Archer WiFi router flaw exploited by Mirai malware

The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms. [...]