Fortinet has reported that attackers are still exploiting a vulnerability discovered a year ago in TP-Link routers, using them to add routers to various botnets for carrying out DDOS attacks.
The vulnerability, known as cve-2023-1389 (CVSS: 8.8), was first identified in December 2022 at the PWN2own event in Toronto. It was fixed in March 2023. This flaw impacts the popular TP-Link Archer AX21 model, which has been a prime target for botnet operators.
Fortinet’s telemetry has shown numerous attacks leveraging this vulnerability, involving malicious botnets like Mirai and Condi. The exploit enables hackers to take control of devices and launch DDOS attacks.
In April 2023, reports emerged of cybercriminals using the same vulnerability to target TP-Link routers predominantly in Eastern Europe, incorporating them into botnets.
The Mirai botnet, which was first discovered in August 2016, has been involved in some of the most severe and devastating DDOS attacks to date.