CVE-2023-1389

Vulnerability updated a month ago (2024-11-29T13:34:16.038Z)
CVE-2023-1389 is a command injection vulnerability in TP-Link Archer AX21 routers. The flaw was publicly disclosed in March 2023 and has since been exploited by various malicious actors. Attack traffic passing through the vulnerable routers has been observed, as the vulnerability allows unauthorized access to these devices. It has been exploited by different strains of malware, including a new variant of the Mirai botnet and another strain named 'Skibidi.' The Mirai variant exploits the flaw to gain access to devices, while Skibidi takes advantage of both CVE-2023-1389 and a vulnerability in Ivanti Connect Secure products (CVE-2024-21887). These attacks show how widely the vulnerability is used for malicious purposes. Security firm Fortinet noted that IZ1H9, presumably a malicious actor, added exploits for 12 command injection vulnerabilities affecting Totolink routers, two Yealink Device Management bugs, an RCE vulnerability in Zyxel EMG3525 and VMG1312 devices, and notably the CVE-2023-1389 flaw in TP-Link Archer AX21 routers. Fortinet also observed attacks targeting this vulnerability to infect devices with the Condi DDoS bot. The continued exploitation of this vulnerability underscores the importance of timely patching and cybersecurity vigilance.
Description last updated: 2024-10-17T13:05:11.159Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Vulnerability, Tp, Botnet, Exploit, Malware, flaw, exploited, Remote Code ...
Associated Malware
Malware associated with CVE-2023-1389 (association type and vote count in parentheses; descriptions are truncated as on the source page):

Mirai Botnet (Unspecified, 6 votes): The Mirai botnet, a type of malware, is known for its ability to exploit vulnerabilities in various devices and systems. Mirai operates by infecting systems without the user's knowledge, often through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt ...

Mirai (Unspecified, 6 votes): Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar...

Condi (Unspecified, 5 votes): The Condi botnet, a form of malware, has been identified as a significant threat to unpatched TP-Link devices. The malware is recognized by the string "condi" and upon execution, sends numerous DNS queries to "trcpay[.]xyz." The botnet first attempts to resolve the Command and Control (C2) server ad...

Gafgyt Variant (Unspecified, 2 votes): The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, ...

Gafgyt (Unspecified, 2 votes): Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry, ...

Agoent (Unspecified, 2 votes): AGoent is a sophisticated malware, a malicious software designed to exploit and damage computer systems. This Golang-based agent bot has been observed in multiple attacks, exploiting a year-old vulnerability to launch various nefarious activities. It operates by fetching the script file "exec.sh" fr...
Source Document References
Information about the CVE-2023-1389 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source (created):
DARKReading (5 days ago)
InfoSecurity-magazine (6 months ago)
Fortinet (6 months ago)
BankInfoSecurity (8 months ago)
DARKReading (8 months ago)
Fortinet (8 months ago)
Fortinet (9 months ago)
SANS ISC (10 months ago)
SANS ISC (a year ago)
SANS ISC (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Fortinet (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)