Warning: 2 vulnerabilities in TP-LINK Archer AX21 routers
Sources
https://www.tp-link.com/us/support/faq/3643/
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware
Risks
Both vulnerabilities have a HIGH impact on Confidentiality, Integrity, and Availability. Privileges, authentication, and user interaction are not required to exploit these vulnerabilities.
Moreover, CVE-2023-1389 has been observed being exploited in the wild.
Description
CVE-2023-1389
Network-adjacent attackers can execute arbitrary code on affected TP-Link Archer AX21 routers.
The vulnerability exists within the merge_country_config function. The issue exists because of a lack of proper validation of a user-supplied string before using it to execute a system call.
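The root cause described above, an unvalidated user-supplied string reaching a system call, is normally closed by allowlisting the input and running the command without a shell. The C code below is an added example, not code from TP-Link or from this advisory; the helper path, the function names and the two-letter country-code format are assumptions.

```c
/* Added illustration, not TP-Link firmware code. The helper path, function
 * names and the two-letter country-code format are assumptions. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MERGE_HELPER "/usr/sbin/merge-country" /* hypothetical helper path */

/* Allowlist: exactly two ASCII upper-case letters (locale-independent). */
int country_code_is_valid(const char *s)
{
    if (s == NULL || strlen(s) != 2)
        return 0;
    return s[0] >= 'A' && s[0] <= 'Z' && s[1] >= 'A' && s[1] <= 'Z';
}

/* Risky pattern (kept as a comment): the string is pasted into a shell line.
 *     snprintf(cmd, sizeof cmd, "%s %s", MERGE_HELPER, country);
 *     system(cmd);    // the shell parses whatever `country` contains
 */

/* Hardened form: validate first, then run the helper without a shell, passing
 * the value as one argv element. Returns the helper's exit status, or -1 if
 * the input is rejected or the helper did not exit normally. */
int merge_country_config_safe(const char *helper, const char *country)
{
    if (!country_code_is_valid(country))
        return -1;              /* rejected before any process is created */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)country, NULL };
        execv(helper, argv);
        _exit(127);             /* exec failed (e.g. helper missing) */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("BE -> %d\n", merge_country_config_safe(MERGE_HELPER, "BE"));
    printf("B; -> %d\n", merge_country_config_safe(MERGE_HELPER, "B;"));
    return 0;
}
```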
CVE-2023-27359
Remote attackers can gain access to the LAN-side services of TP-Link Archer AX21 routers.
The vulnerability exists within the hotplugd daemon. The issue results from firewall rule handling and allows an attacker to access resources that should be available to the LAN interface only. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code as the root user.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends that system administrators visit TP-LINK's portal to apply the necessary patches.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1389
https://www.tenable.com/security/research/tra-2023-11
https://www.zerodayinitiative.com/advisories/ZDI-23-451/
https://www.zerodayinitiative.com/advisories/ZDI-23-452/