Name of the Vulnerable Software and Affected Versions:
TP-Link Archer AX21 versions prior to 1.1.4 Build 20230219
Description:
The TP-Link Archer AX21 router contains a command injection vulnerability in the `country` form of the `/cgi-bin/luci;stok=/locale` endpoint of its web management interface. An unauthenticated attacker can inject commands with a single POST request, and the injected commands run as root: the `country` parameter of the write operation is passed to `popen()` without sanitization, so its value can carry arbitrary shell commands. The vulnerability is being actively exploited by multiple botnets, including Mirai, to spread malware and conduct DDoS attacks. Thousands of devices worldwide are at risk, including those in the healthcare, manufacturing, and technology sectors.
Recommendations:
For TP-Link Archer AX21 versions prior to 1.1.4 Build 20230219, update the firmware to the latest version to address the command injection vulnerability. Restrict access to the `/cgi-bin/luci;stok=/locale` endpoint and limit the use of the `country` parameter to prevent exploitation. Additionally, consider disabling the `popen()` function until a patch is available.
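The two defensive points above, allow-list validation of the `country` parameter and restricting or monitoring access to the `/cgi-bin/luci;stok=/locale` endpoint, can be combined into one triage routine. The following is an added example and is not TP-Link's firmware code or part of the original advisory. It assumes a constructed request-log format (`METHOD TARGET BODY` on one line) and assumes that legitimate `country` values are two-letter codes; the real device may accept a different set, so the allow-list should be adjusted to match before use. The same `is_valid_country()` gate is what a fixed firmware should apply before the value reaches `popen()`, and what an edge proxy or log-review job can apply to spot requests that would have triggered the flaw.

```python
"""Allow-list validation and request-log triage for the `country` parameter.

Added example (not TP-Link code). Log format and allow-list are assumptions.
"""
import re
from urllib.parse import unquote_plus, urlsplit

# Assumed allow-list: exactly two uppercase letters (ISO 3166-1 alpha-2 style).
# An allow-list rejects ';', '|', '$', backticks and newlines by construction,
# unlike a deny-list of "bad" characters that tends to be bypassed.
COUNTRY_RE = re.compile(r"[A-Z]{2}")

# Endpoint named in the advisory (path part only; the query string is separate).
VULN_PATH = "/cgi-bin/luci;stok=/locale"

# Constructed sample log: "METHOD TARGET BODY", one request per line.
# Line 2 carries a percent-encoded ';' in the country value; lines 3 and 4
# are unrelated traffic that must not be flagged.
SAMPLE_LOG = [
    "POST /cgi-bin/luci;stok=/locale?form=country operation=write&country=US",
    "POST /cgi-bin/luci;stok=/locale?form=country operation=write&country=US%3Bls",
    "GET /cgi-bin/luci;stok=/locale?form=lang operation=read",
    "POST /cgi-bin/luci;stok=/login operation=login",
]


def is_valid_country(value: str) -> bool:
    """True only if `value` is a plain two-letter code (fullmatch, no extras)."""
    return COUNTRY_RE.fullmatch(value) is not None


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into a dict.

    Splits on '&' only, so a raw ';' inside a value stays part of that value
    and is seen by the validator instead of being silently treated as a separator.
    """
    params = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, val = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(val)
    return params


def triage(lines):
    """Return (line_number, country_value, reason) for every suspicious request.

    A request is suspicious when it is a POST to the vulnerable endpoint whose
    `country` parameter fails the allow-list. Other paths, methods and
    parameters are ignored so the output stays focused on this flaw.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        try:
            method, target, body = line.split(" ", 2)
        except ValueError:
            continue  # malformed constructed line; skip rather than crash
        if method != "POST":
            continue
        # urlsplit keeps ';stok=' inside the path and separates the '?form=' query.
        if urlsplit(target).path != VULN_PATH:
            continue
        params = parse_form(body)
        country = params.get("country")
        if country is not None and not is_valid_country(country):
            findings.append((lineno, country, "country value outside allow-list"))
    return findings


if __name__ == "__main__":
    for lineno, value, reason in triage(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {value!r}")
```

On the constructed sample the routine reports only line 2, whose decoded `country` value is `US;ls`; the well-formed `US` request and the unrelated `lang` and `login` requests pass untouched. Dropping requests that `triage()` flags at a reverse proxy, or alerting on them in log review, gives an interim control while the firmware update is rolled out.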