Mirai Botnet Exploits TP-Link Router Vulnerability: What to Know and How to Protect Your Device


    TP-Link is a popular brand that makes networking devices such as routers, switches, and other smart devices that aim to help users connect to the internet efficiently. One of their router models is the TP-Link Archer AX21/1800, a Wi-Fi router that enables multiple devices, such as smartphones and laptops, to connect to high-speed wireless internet on home or office networks. 

    Recently, security researchers have discovered that the Mirai botnet is targeting this TP-Link router model to expand its reach by exploiting a flaw, known as CVE-2023-1389, which was discovered in December.

    TP-Link has now patched this vulnerability, but it appears that hackers are still attempting to exploit it, adding compromised routers around the world to the Mirai botnet with the goal of launching distributed denial-of-service (DDoS) attacks.


    What Are the Symptoms of an Infected TP-Link Router? 

    Here are the signs of infection that you should be aware of: 

    • Devices getting hotter than usual; 
    • Constant loss of internet connection; 
    • Admin user passwords being reset without your knowledge or consent; 
    • And changes to your device’s network settings that you haven’t authorized. 

    What Is the CVE-2023-1389 Vulnerability? How Was It Exploited? 

    This high-severity security flaw is caused by the lack of input sanitization within the locale API, which is responsible for handling language settings within the router. Hackers can send a command disguised as a country code, which the router will execute without properly validating it.

    This makes it easier for hackers to compromise the router’s security and incorporate it into their botnet network, which can launch DDoS attacks that are hard to detect. 
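
The pattern behind this kind of flaw, shown as an added example that is not TP-Link's firmware code or part of the original article: a handler that pastes a request value into a shell command line, next to a version that allowlists the country code and avoids the shell. The `echo` stand-in command and all function names are assumptions made for illustration, and the inputs are constructed.

```python
import re
import subprocess

# ISO 3166-1 alpha-2 style code: exactly two ASCII letters, nothing else.
COUNTRY_RE = re.compile(r"[A-Za-z]{2}")

# Hypothetical stand-in for the firmware helper that applies the setting.
# "echo" is used so the example is harmless and runs anywhere.
SET_COUNTRY_CMD = "echo"


def set_country_unsafe(country: str) -> str:
    """Vulnerable pattern: request value pasted into a shell command line."""
    cmd = f"{SET_COUNTRY_CMD} country={country}"
    # shell=True hands the whole string to /bin/sh, so metacharacters such as
    # ';', '|', '`' and '$()' in `country` are interpreted as shell syntax.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_country(country: str) -> str:
    """Allowlist check: accept two letters only, return the normalised code."""
    if not isinstance(country, str) or not COUNTRY_RE.fullmatch(country):
        raise ValueError("invalid country code")
    return country.upper()


def set_country_safe(country: str) -> str:
    """Hardened pattern: validate first, then pass the value as one argv item."""
    code = validate_country(country)
    # No shell is involved; the value can never be split into extra commands.
    argv = [SET_COUNTRY_CMD, f"country={code}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed inputs: one legitimate code, one carrying an extra command.
    for value in ("us", "US; echo INJECTED"):
        print("input:", repr(value))
        print("  unsafe output:", set_country_unsafe(value).splitlines())
        try:
            print("  safe output:  ", set_country_safe(value).splitlines())
        except ValueError as exc:
            print("  safe handler rejected input:", exc)
```

The unsafe handler prints two lines for the second input because the shell ran the appended command; the hardened handler rejects that input before any process is started.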

    What Should You Do? 

    TP-Link released a firmware update to address this vulnerability on March 14, 2023. Nonetheless, it is important to remember the following best practices:

    • Ensure that your TP-Link Archer AX21 (AX1800) Wi-Fi router has the latest firmware update by downloading it from TP-Link’s website. 
    • Use antivirus software such as Trend Micro Maximum Security for real-time scanning of your devices and make sure to keep it up to date.
    • To help you maintain and monitor your home network, Trend Micro offers the Home Network Security device, which protects your smart home and connected devices from being compromised and hacked, keeping the internet safe for you and your family on any device.
    • Use Trend Micro ID Protection to: 
    1. Check to see if your data (email, number, password, social media) has been exposed in a leak; 
    2. Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personal report; 
    3. Receive the strongest tough-to-hack password suggestions from our advanced AI. 

    All this for free — give it a go today. As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below. Here’s to a secure 2023!  
