www.belgium.be Logo of the federal government

Warning: 2 vulnerabilities in TP-LINK Archer AX21 routers

Reference: 
Advisory # 2023-048
Version: 
1.0
Affected software: 
TP-LINK Archer AX21 (AX1800) firmware
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 
CVE-2023-1389 / 8.8
CVE-2023-27359 / 9.8

Sources

https://www.tp-link.com/us/support/faq/3643/
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware

Risks

Both vulnerabilities have a HIGH impact on Confidentiality, Integrity, and Availability. Privileges, authentication, and user interaction are not required to exploit this vulnerability.

Moreover, CVE-2023-1389 has been observed being exploited in the wild.

Description

CVE-2023-1389

Network-adjacent attackers can execute arbitrary code on affected TP-Link Archer AX21 routers.

The vulnerability exists within the merge_country_config function. The issue exists because of a lack of proper validation of a user-supplied string before using it to execute a system call.

CVE-2023-27359

Remote attackers can gain access to the LAN-side services of TP-Link Archer AX21 routers.

The vulnerability exists within the hotplugd daemon. The issue results from firewall rule handling and allows an attacker to access to resources that should be available to the LAN interface only. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code as the root user.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to visit TP-LINK's portal to apply the necessary patches.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1389
https://www.tenable.com/security/research/tra-2023-11
https://www.zerodayinitiative.com/advisories/ZDI-23-451/
https://www.zerodayinitiative.com/advisories/ZDI-23-452/