Last year, a command injection vulnerability, CVE-2023-1389, was disclosed in the web management interface of the TP-Link Archer AX21 (AX1800), and a fix was developed. FortiGuard Labs has developed an IPS signature to address this issue. Recently, they observed multiple attacks targeting this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and a Gafgyt variant. Peaks caused by these threats are evident in the following figure. The below r