Merge branch 'main' into main

docs/advisories/20240418003-Botnets-Swarm-Exploited-in-TP-Link-Archer-Routers.md

@@ -0,0 +1,25 @@
+# Botnets Swarm Exploited in TP-Link Archer Routers - 20240418003
+
+## Overview
+
+TP-Link Archer AX21 (AX1800) contains a command injection vulnerability in the web management interface within the 'Country' field. An attacker can leverage this vulnerability to execute arbitrary code in the context of root with a simple POST.
+
+## What is vulnerable?
+
+| Product Affected                                                           | CVE                                                             | Severity | CVSS |
+| -------------------------------------------------------------------------- | --------------------------------------------------------------- | -------- | ---- |
+| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 | [CVE-2023-1389](https://nvd.nist.gov/vuln/detail/CVE-2023-1389) | **High** | 8.8  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+## Additional References
+
+- [TP-Link Archer AX21 Command Injection (packetstormsecurity.com)](https://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html)
+- [Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800) (tenable.com)](https://www.tenable.com/security/research/tra-2023-11)
+- [Old Vulnerability, New Attacks (securityonline.info)](https://securityonline.info/old-vulnerability-new-attacks-botnets-swarm-exploited-cve-2023-1389-in-tp-link-routers/)