TP-LINK | Breaking Cybersecurity News | The Hacker News

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with The Hacker News. CVE-2023-1389 is a high-severity security flaw impacting TP-Link Archer AX-21 routers that could lead to command injection, which could then pave the way for remote code execution. The earliest evidence of active exploitation of the flaw dates back to April 2023, with unidentified threat actors using it to drop Mirai botnet malware. Since then, it has also been abused to propagate other malware families like Condi and AndroxGh0st . Cato CTRL said it detected the Ballista campaign on January 10, 2025. The most recent exploitation attempt was recorded on Februa...

A maximum-severity security flaw has been disclosed in the  TP-Link Archer C5400X gaming router  that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as  CVE-2024-5035 , carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in  version 1_1.1.7  released on May 24, 2024. "By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges," German cybersecurity firm ONEKEY  said  in a report published Monday. The issue is rooted in a binary related to radio frequency testing "rftest" that's launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network ...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as  CVE-2022-4873  and  CVE-2022-4874 , concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running firmware versions earlier than R6B035 . "The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center (CERT/CC)  said  in an advisory published Tuesday. "The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network." Security researcher  Brendan Scarvell  has been credited with discovering and reporting the issues in October 2022. In a rel...