Shulou(Shulou.com)11/24 Report--

CTOnews.com June 21 news, according to the latest announcement issued by the network security company Fortinet, introduced a new malicious program called "Condi" to take advantage of the loophole in the TP-Link Archer AX21 (AX1800) Wi-Fi router to build a huge DDoS botnet.

ZDI reported the discovery of the vulnerability in January this year, and the tracking number is CVE-2023-1389. The company released a security update of 1.1.4 Build 20230219 in March this year to fix the above vulnerability.

Fortinet details the Condi vulnerability in his blog post today. The flaw lies in the router Web administrative interface API, which allows for the injection of unauthenticated commands and the execution of remote code.

To spread to vulnerable TP-Link routers, malware scans public IP with open ports 80 or 8080 and sends hard-coded exploit requests to download and execute remote shell scripts that infect new devices.

In addition, analysts have found samples of shell scripts with ADB (Android Debug Bridge) sources, which may indicate that botnets are propagated through devices with open ADB ports (TCP / 5555).

CTOnews.com attaches the link to the official firmware download address of TP-Link. If you do not have an upgrade, please upgrade as soon as possible.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.