SIS March 2024: TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs!

The latest F5 Labs Sensor Intel Series (SIS) unveils the most commonly attempted CVE exploits hitting their sensor network

The March 2024 Sensor Intelligence Series report highlights a significant surge in scanning activity for the vulnerability CVE-2023-1389, which has become the top scanned vulnerability, indicating targeted attacks on WiFi routers to potentially build botnets.

The report also notes that most of the scanning traffic originates from two ASNs, suggesting a concentrated effort from specific sources. Additionally, the report provides an overview of the top ten vulnerabilities, their traffic volume, and changes from the previous month, emphasizing the importance of monitoring such vulnerabilities to protect against widespread internet attacks on IoT devices and traditional server software.

Newly tracked vulns include:

• CVE-2023-1389, a command injection vulnerability in the firmware for the TP-Link Archer AX21 Wi-Fi router (CVSS 8.8, EPSS 92.7%)
• CVE-2009-3960, an unspecified information disclosure vulnerability in the BlazeDS 3.2 library used by several Adobe products (CVSS v2 4.3, EPSS 99.68%)
• CVE-2014-9792, a privilege escalation vulnerability in a Qualcomm component for Android devices (CVSS 7.8, EPSS n/a)
• CVE-2020-28188, a remote code execution vulnerability in the TerraMaster TOS software. We already have been tracking this, but we added a new signature for another vector for exploiting this. (CVSS 9.8, EPSS 99.9%)
• CVE-2022-47945, a local file inclusion vulnerability in the ThinkPHP framework (CVSS 9.8, EPSS 92%)⁵

Read the full article: Sensor Intel Series: Top CVEs in March 2024 (f5.com)