Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-1389

UNKNOWN
Published 2023-03-15T00:00:00.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-1389. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.8
/10
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.104
probability
of exploitation in the wild

There is a 10.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.950
Higher than 95.0% of all CVEs

Attack Vector Metrics

Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Available Exploits

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 (AX1800) routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root.

ID: CVE-2023-1389
Author: ritikchaddha Critical

References:

Related News

Botnet campaign hits unpatched TP-Link Archer AX-21 routers

Dubbed "Ballista," this nasty piece of work has already infected over 6,000 devices by exploiting a high-severity security flaw in the TP-Link Archer AX-21 router. The vulnerability, known as CVE-2023-1389, allows remote code execution (RCE) and has been arou…

Madshrimps.be 2025-03-13 06:43
Read More
Thousands of TP-Link Routers Have Been Infected By a Botnet To Spread Malware

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to…

Slashdot.org 2025-03-11 21:20
Read More
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to …

Internet 2025-03-11 12:30
Read More

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

May 22, 2023

Added to KEV

May 1, 2023

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: TP-Link
Product: Archer AX21

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-h49r-m2rg-6pgf

Advisory Details

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-1389
WEB https://www.tenable.com/security/research/tra-2023-11
WEB http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html

Advisory provided by GitHub Security Advisory Database. Published: March 16, 2023, Modified: March 21, 2023

References

https://www.tenable.com/security/research/tra-2023-11
http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html
Published: 2023-03-15T00:00:00.000Z
Last Modified: 2025-01-28T16:20:12.288Z
Copied to clipboard!