The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Government has alerted TP-Link router users to a vulnerability that is currently being exploited by Mirai botnet operators.

The globally available TP-Link Archer AX-21 router, an entry-tier AX1800 Wi-Fi 6 model, is prone to known attack vectors that enable command injection, leading to the implementation of remote code execution (RCE) software. This security vulnerability is identified as CVE-2023-1389 and is applicable to all Archer AX-21 routers running firmware versions older than 1.1.4 2023019, which rectifies this issue.

CISA has incorporated this TP-Link router vulnerability, along with two others, into its Known Exploited Vulnerabilities Catalog in response to concrete evidence of active exploitation. This catalog is a dynamic compilation of identified Common Vulnerabilities and Exposures (CVEs) that pose considerable risk to federal enterprises. As per Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are obligated to address these vulnerabilities within a stipulated timeline to safeguard FCEB networks from live threats. While BOD 22-01 is exclusively applicable to FCEB agencies, CISA encourages all organizations to prioritize prompt remediation of cataloged vulnerabilities as an integral aspect of their vulnerability management approach.

Recent reports indicate that the TP-Link vulnerability has been actively exploited by the Mirai botnet in Eastern Europe and other regions. It is critical for users to update their router firmware to version 1.1.4 2023019 at the earliest. Users with a TP-Link cloud account and enabled automatic updates should already have their firmware updated. Given the growing trend of hackers targeting routers, maintaining updated firmware is vital to minimize susceptibility to cyberattacks.

CISA Warns of TP-Link Router Vulnerability: Update Your Firmware Now