CVE-2023-1389
TP-Link Archer AX-21 Command Injection Vulnerabili - [Actively Exploited]
Description
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
INFO
Published Date :
March 15, 2023, 11:15 p.m.
Last Modified :
Nov. 21, 2024, 7:39 a.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
2.8
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
Apply updates per vendor instructions.
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware; https://nvd.nist.gov/vuln/detail/CVE-2023-1389
Public PoC/Exploit Available at Github
CVE-2023-1389 has a 9 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2023-1389
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-1389.
| URL | Resource |
|---|---|
| http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
| https://www.tenable.com/security/research/tra-2023-11 | Exploit Third Party Advisory |
| http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
| https://www.tenable.com/security/research/tra-2023-11 | Exploit Third Party Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Fog of War Listener - a network traffic inspection and injection tool.
Slides and other reference material for RVASec 2024 presentation
nuclei templates
nuclei templates, poc/exp
TP-Link Archer AX21 - Unauthenticated Command Injection [Loader]
Go
None
Python
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
cisa-kev vulnerability 0day cisa exploits
Tracking interesting Linux (and UNIX) malware. Send PRs
YARA Shell C HTML Python Perl PHP
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-1389 vulnerability anywhere in the article.
-
Dark Reading
US Ban on TP-Link Routers More About Politics Than Exploitation Risk
Source: metamorworks via ShutterstockWith US government agencies and lawmakers reportedly considering a ban on TP-Link's products in the United States, one might think the company would rank high on t ... Read more
-
Cybersecurity News
PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability (CVE-2024-53375)
A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices. This critical flaw, id ... Read more
-
Cybersecurity News
XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices
NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide. First observed in late 2023, XorBot has evolved significantly, introducing adva ... Read more
-
The Hacker News
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
IoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying th ... Read more
-
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities
CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and exploits a wide range of vulnerabilities in web applications and IoT devices. Learn about the specific vulnerabilit ... Read more
-
The Hacker News
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identi ... Read more
-
Cybersecurity News
CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE
A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a n ... Read more
-
Cybersecurity News
Mirai Botnet Exploits Zero-Day Vulnerability CVE-2024-7029 in AVTECH IP Cameras
Akamai’s Security Intelligence Response Team (SIRT) has discovered a widespread Mirai botnet campaign exploiting a recently disclosed zero-day vulnerability (CVE-2024-7029) in AVTECH IP cameras. The v ... Read more
-
Cybersecurity News
Hacking the Hacker: Researcher Found Critical Flaw (CVE-2024-45163) in Mirai Botnet
Image: FortinetSecurity researcher Jacob Masse has exposed a critical vulnerability within the Mirai botnet, the infamous malware that has plagued the Internet of Things (IoT) and server landscapes si ... Read more
-
Cybersecurity News
Congress Scrutinizes TP-Link Routers Over Cybersecurity Concerns
Two members of Congress have urged the U.S. Department of Commerce to investigate the cybersecurity risks associated with Wi-Fi routers manufactured by the Chinese company TP-Link Technologies, and th ... Read more
The following table lists the changes that have been made to the
CVE-2023-1389 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html Added Reference https://www.tenable.com/security/research/tra-2023-11 -
Modified Analysis by [email protected]
Jun. 27, 2024
Action Type Old Value New Value Changed Reference Type http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html No Types Assigned http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html Exploit, Third Party Advisory, VDB Entry Changed CPE Configuration AND OR cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:* OR *cpe:2.3:o:tp-link:archer_ax21_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.4 AND OR *cpe:2.3:o:tp-link:archer_ax21_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.4 OR cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:* -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Aug. 11, 2023
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html [No Types Assigned] -
Initial Analysis by [email protected]
Mar. 21, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://www.tenable.com/security/research/tra-2023-11 No Types Assigned https://www.tenable.com/security/research/tra-2023-11 Exploit, Third Party Advisory Added CWE NIST CWE-77 Added CPE Configuration AND OR *cpe:2.3:o:tp-link:archer_ax21_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.4 OR cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-1389 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-1389
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
8.72 }} 2.88%
score
0.94515
percentile