Hackers Exploiting TP-Link Archer Command Injection Vulnerability in the Wild
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Cybersecurity researchers have uncovered widespread exploitation of a critical vulnerability in TP-Link Archer routers, which has led to the proliferation of botnet threats.
The vulnerability, CVE-2023-1389, allows attackers to execute arbitrary commands on affected devices, potentially granting them access to sensitive information and the ability to hijack the devices for malicious purposes.
CVE-2023-1389 – Command Injection Vulnerability
CVE-2023-1389 is a command injection vulnerability that affects multiple TP-Link Archer router models.
Vulnerability Proof-Of-Concept
TP-Link disclosed and patched the Vulnerability in March 2023. It allows unauthenticated attackers to execute arbitrary commands on the affected devices.
This flaw can be exploited to gain control over the routers, potentially leading to data breaches, network infiltration, and malware deployment.
Fortinet recently published a blog post highlighting the exploitation of a command injection vulnerability in TP-Link Archer routers by hackers in the wild. T
AGoent
One of the botnets actively exploiting CVE-2023-1389 is AGoent, a well-known malware strain that has been observed targeting various IoT devices.
Exploit packet
AGoent can perform a wide range of malicious activities, including distributed denial-of-service (DDoS) attacks, cryptocurrency mining, and installing additional malware.
AGoent Botnet
Gafgyt Variant
Researchers have also identified a variant of the Gafgyt botnet leveraging the CVE-2023-1389 vulnerability.
Exploit packet
Gafgyt is a long-standing IoT botnet known for its ability to launch DDoS attacks and spread to other vulnerable devices.
The new variant exploits the TP-Link Archer vulnerability to expand its reach and impact.
Moobot
Another botnet observed exploiting CVE-2023-1389 is Moobot, a relatively new malware strain gaining traction in the cybercriminal landscape.
Exploit packet
Moobot can perform various malicious activities, including credential theft, data exfiltration, and the deployment of additional payloads.
Mirai Variant
Researchers have also identified a variant of the notorious Mirai botnet leveraging the CVE-2023-1389 vulnerability.
Exploit packet
Mirai is a well-known IoT botnet responsible for some of history’s most significant DDoS attacks.
The new variant exploits the TP-Link Archer vulnerability to expand its reach and impact.
Miori
In addition to the botnets above, researchers have discovered a new malware strain called Miori that targets the CVE-2023-1389 vulnerability.
Exploit packet
Miori can perform various malicious activities, including credential theft, data exfiltration, and the deployment of additional payloads.
Condi
Lastly, researchers have identified a botnet called Condi exploiting the CVE-2023-1389 vulnerability.
Exploit packet
Condi is a relatively new malware strain observed targeting various IoT devices, including TP-Link Archer routers.
The widespread exploitation of the CVE-2023-1389 vulnerability highlights the importance of timely patching and robust security measures to protect IoT devices from such threats.
TP-Link has released patches for the affected Archer router models, and users are strongly advised to update their devices as soon as possible to mitigate the risk of compromise.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Hackers Exploiting TP-Link Archer Command Injection Vulnerability in the Wild
Author: DhivyaCybersecurity researchers have uncovered widespread exploitation of a critical vulnerability in TP-Link Archer routers, which has led to the proliferation of botnet threats.
The vulnerability, CVE-2023-1389, allows attackers to execute arbitrary commands on affected devices, potentially granting them access to sensitive information and the ability to hijack the devices for malicious purposes.
CVE-2023-1389 – Command Injection Vulnerability
CVE-2023-1389 is a command injection vulnerability that affects multiple TP-Link Archer router models.
Vulnerability Proof-Of-ConceptTP-Link disclosed and patched the Vulnerability in March 2023. It allows unauthenticated attackers to execute arbitrary commands on the affected devices.
This flaw can be exploited to gain control over the routers, potentially leading to data breaches, network infiltration, and malware deployment.
Fortinet recently published a blog post highlighting the exploitation of a command injection vulnerability in TP-Link Archer routers by hackers in the wild. T
AGoent
One of the botnets actively exploiting CVE-2023-1389 is AGoent, a well-known malware strain that has been observed targeting various IoT devices.
Exploit packetAGoent can perform a wide range of malicious activities, including distributed denial-of-service (DDoS) attacks, cryptocurrency mining, and installing additional malware.
AGoent BotnetGafgyt Variant
Researchers have also identified a variant of the Gafgyt botnet leveraging the CVE-2023-1389 vulnerability.
Exploit packetGafgyt is a long-standing IoT botnet known for its ability to launch DDoS attacks and spread to other vulnerable devices.
The new variant exploits the TP-Link Archer vulnerability to expand its reach and impact.
Moobot
Another botnet observed exploiting CVE-2023-1389 is Moobot, a relatively new malware strain gaining traction in the cybercriminal landscape.
Exploit packetMoobot can perform various malicious activities, including credential theft, data exfiltration, and the deployment of additional payloads.
Mirai Variant
Researchers have also identified a variant of the notorious Mirai botnet leveraging the CVE-2023-1389 vulnerability.
Exploit packetMirai is a well-known IoT botnet responsible for some of history’s most significant DDoS attacks.
The new variant exploits the TP-Link Archer vulnerability to expand its reach and impact.
Miori
In addition to the botnets above, researchers have discovered a new malware strain called Miori that targets the CVE-2023-1389 vulnerability.
Exploit packetMiori can perform various malicious activities, including credential theft, data exfiltration, and the deployment of additional payloads.
Condi
Lastly, researchers have identified a botnet called Condi exploiting the CVE-2023-1389 vulnerability.
Exploit packetCondi is a relatively new malware strain observed targeting various IoT devices, including TP-Link Archer routers.
The widespread exploitation of the CVE-2023-1389 vulnerability highlights the importance of timely patching and robust security measures to protect IoT devices from such threats.
TP-Link has released patches for the affected Archer router models, and users are strongly advised to update their devices as soon as possible to mitigate the risk of compromise.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
