Reference: Advisory # 2023-048
Version: 1.0
Affected software: TP-LINK Archer AX21 (AX1800) firmware
Type: Remote Code Execution (RCE)
CVE/CVSS:
https://www.tp-link.com/us/support/faq/3643/
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware
Both vulnerabilities have a HIGH impact on Confidentiality, Integrity, and Availability. Privileges, authentication, and user interaction are not required to exploit this vulnerability.
Moreover, CVE-2023-1389 has been observed being exploited in the wild.
CVE-2023-1389
Network-adjacent attackers can execute arbitrary code on affected TP-Link Archer AX21 routers.
The vulnerability exists within the merge_country_config function. The issue exists because of a lack of proper validation of a user-supplied string before using it to execute a system call.
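The bug class described above, shown as an added example that is not TP-Link's firmware code and not part of the advisory: a user-supplied country string pasted into a shell command line, next to a hardened form that validates the string and passes it as a single argv element with no shell. The command name merge-config, its path, and the two-uppercase-letter country format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list check: exactly two uppercase ASCII letters
 * (assumed country-code format). Everything else is rejected. */
int country_code_is_valid(const char *s)
{
    if (s == NULL || strlen(s) != 2)
        return 0;
    return s[0] >= 'A' && s[0] <= 'Z' && s[1] >= 'A' && s[1] <= 'Z';
}

/* Unsafe pattern: the string becomes part of a shell command line, so
 * any shell metacharacter in it changes what a later system() call runs.
 * This function only builds the string; nothing is executed here. */
int build_cmd_unsafe(char *out, size_t n, const char *country)
{
    return snprintf(out, n, "merge-config --country %s", country);
}

/* Hardened pattern: validate first, then fill an argv[] meant for
 * execv()/posix_spawn(), where the value is one argument and no shell
 * ever parses it. Returns 0 on success, -1 if the input is rejected. */
int build_argv_safe(const char *country, const char *argv[4])
{
    if (!country_code_is_valid(country))
        return -1;
    argv[0] = "/usr/sbin/merge-config"; /* hypothetical path */
    argv[1] = "--country";
    argv[2] = country;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real request. */
    const char *samples[] = { "BE", "be", "BE; echo injected", "" };
    const char *argv[4];
    char cmd[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        build_cmd_unsafe(cmd, sizeof cmd, samples[i]);
        printf("unsafe: [%s]  safe: %s\n", cmd,
               build_argv_safe(samples[i], argv) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```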
CVE-2023-27359
Remote attackers can gain access to the LAN-side services of TP-Link Archer AX21 routers.
The vulnerability exists within the hotplugd daemon. The issue results from firewall rule handling and allows an attacker to access resources that should be available to the LAN interface only. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code as the root user.
The Centre for Cyber Security Belgium strongly recommends that system administrators visit TP-LINK's portal to apply the necessary patches.
https://nvd.nist.gov/vuln/detail/CVE-2023-1389
https://www.tenable.com/security/research/tra-2023-11
https://www.zerodayinitiative.com/advisories/ZDI-23-451/
https://www.zerodayinitiative.com/advisories/ZDI-23-452/