TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal

Last week, the Zero Day Initiative (ZDI) threat-hunting team observed new exploit attempts coming from our telemetry system in Eastern Europe indicating that the Mirai botnet has updated its arsenal to include CVE-2023-1389, also known as ZDI-CAN-19557/ZDI-23-451. This bug in the TP-Link Archer AX21 Wi-Fi router was originally disclosed to ZDI during the Pwn2Own Toronto event, where it was used by Team Viettel in their LAN-side entry against the TP-Link device and by Qrious Security in their WAN-side entry. …

arsenal blog post botnet bug coming contest cve cve-2023-1389 device eastern europe entry europe event exploit hunting initiative lan link mirai mirai botnet pwn2own router security system team teams telemetry threat toronto tp-link tp-link archer vulnerabilities vulnerability wan wi-fi zdi zero day initiative