Security Flaw in TP-Link Router Receives 10 out of 10 Severity Rating

Security Flaw
Critical security flaw in TP-Link Archer routers rated 10/10 in severity, prompting urgent firmware updates and security measures. Learn how to protect your device.

A critical security vulnerability in TP-Link Archer routers has been rated with a perfect severity score of 10 out of 10, prompting urgent warnings from cybersecurity experts. The flaw, identified as CVE-2023-1389, is an unauthenticated command injection vulnerability found in the web management interface of TP-Link Archer AX21 (AX1800) routers. This exploit allows attackers to execute arbitrary commands remotely, leading to severe security breaches.

The Nature of the Vulnerability

The vulnerability, which stems from improper input sanitization in the locale API, was first discovered in early 2023 by researchers who reported it to TP-Link through the Zero Day Initiative. Despite a firmware update released in March 2023, the issue persists in many devices that have not been patched. The flaw allows remote attackers to send specially crafted requests to the router, leading to command execution that compromises the device.

Exploitation by Botnets

Multiple botnets, including variants of the notorious Mirai malware, have been actively exploiting this vulnerability. These botnets co-opt vulnerable routers into large-scale distributed denial of service (DDoS) attacks. Reports indicate that the Mirai botnet specifically targets game servers, utilizing the compromised routers to launch powerful attacks that can overwhelm network resources.

According to Fortinet, a surge in malicious activities exploiting CVE-2023-1389 has been observed since March 2024, with infection attempts reaching up to 50,000 daily. The botnets employ different strategies to maintain control over the compromised devices, making them part of their network for malicious purposes.

Symptoms and Risks

Signs of an infected TP-Link router include frequent internet disconnections, unexplained changes in network settings, overheating of the device, and the resetting of administrator credentials. These symptoms indicate that the router has been compromised and is likely being used in malicious activities without the owner’s knowledge.

Mitigation and Recommendations

To protect against this vulnerability, users are advised to update their router firmware to the latest version provided by TP-Link. Additionally, changing default admin passwords and disabling web access to the admin panel if not necessary can help mitigate risks. TP-Link has released a firmware update that addresses this vulnerability, and users should ensure their devices are up-to-date.

The cybersecurity community emphasizes the importance of regular firmware updates and robust security practices to prevent such exploits. With many users still operating unpatched devices, the risk of widespread attacks remains high.

About the author

Avatar photo

Gauri

Gauri, a graduate in Computer Applications from MDU, Rohtak, and a tech journalist for 4 years, excels in covering diverse tech topics. Her contributions have been integral in earning PC-Tablet a spot in the top tech news sources list last year. Gauri is known for her clear, informative writing style and her ability to explain complex concepts in an accessible manner.

Add Comment

Click here to post a comment

Follow Us on Social Media

Web Stories

Best performing phones under Rs 70,000 in December 2024: iQOO 13, OPPO Find X8, and more! realme 14X 5G Review Redmi Note 14 Pro vs Realme 13 Pro Most Affordable 5G Phones Under Rs 12000 in December 2024: Samsung, Redmi, Lava, Poco & More! Best mobile phones under Rs 35,000 in December 2024: realme GT 6T, Vivo T3 Ultra 5G and more! Best Mobile Phones under Rs 25,000 in December 2024: Nothing Phone 2(a), OnePlus Nord CE 4 Lite & More!