The United States Cybersecurity and Infrastructure Security Agency (CISA) has reported that attackers are exploiting three vulnerabilities in TP-Link, Apache, and Oracle products. The first vulnerability, tracked as CVE-2023-1389, has been assigned a score of 8.8 by the National Vulnerability Database (NVD) and is considered to be of high severity. It is a command injection flaw in the firmware of TP-Link Archer AX21 modems. Attackers may use it to make the devices carry out malicious commands, potentially compromising the infrastructure linked with the modem. According to the Zero Day Initiative (ZDI), the Mirai botnet has been leveraging the TP-Link flaw to recruit more devices to its ranks.
The second vulnerability, the Apache Log4j2 deserialization of untrusted data vulnerability tracked as CVE-2021-45046, has been assigned a score of 9.0, indicating critical severity. This bug is particularly dangerous because an attacker can exploit it by transmitting malicious data that instructs the application to run malicious code, leading to remote code execution (RCE) or even data loss.
The last vulnerability flagged by CISA is the Oracle WebLogic Server unspecified vulnerability tracked as CVE-2023-21839, which has been given a score of 7.5, indicating high severity. This bug would allow an attacker to access the system without any credentials or authentication, potentially exposing critical data stored on the Oracle WebLogic Server and leading to further attacks. CISA has warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”