Vulnerability intelligence
CVE-2023-1389
TP-Link Archer AX-21 Command Injection Vulnerability
TP-Link Archer AX21
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
CVSS Score
8.8
High
EPSS — Exploit Probability
100%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
unknown
Federal deadline 2023-05-22
CISA required action
Apply updates per vendor instructions. Deadline for federal agencies: 2023-05-22.
2 articles across 2 outlets · first covered Apr 22, 2026 · latest Apr 30, 2026
Tracked incidents
Coverage timeline
-
Anti-DDoS Firm Heaped Attacks on Brazilian ISPskrebsonsecurity.com · Apr 30, 2026
-
Mirai Botnet Hijacks Old DLink Routers Via CVE-2025-29635securityaffairs.com · Apr 22, 2026