TP-Link Archer WiFi router flaw exploited by Mirai malware
TP-Link Archer WiFi router flaw exploited by Mirai malware
There is a known vulnerability in the TP-Link Archer A21 (AX1800) WiFi router, tracked as CVE-2023-1389 which is being actively exploited by the Mirai malware botnet to incorporate devices into DDoS (distributed denial of service) swarms.
The flaw, carrying a severity score of 8.8, is described as an unauthenticated command injection flaw in the locale API of the web management interface on the device.
IT admins and owners of the Archer AX21 AX1800 Wi-Fi router are advised to ensure their device’s hardware is updated to the latest firmware version.
Infection symptoms
Signs of an infected TP-Link router include:
- device overheating,
- internet disconnections,
- inexplicable changes on the device’s network settings,
- resetting of admin user passwords.
Upgrade firmware
- Owners of the TP-Link Archer AX21 AX1800 dual-band WiFi 6 router can download the latest firmware update for their device’s hardware version from the following webpage: https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware