Warning! TP-Link, Apache, and Oracle Vulnerabilities Actively Exploited in Wild

CISA recently included three actively exploited vulnerabilities in the wild in its KEV (Known Exploited Vulnerabilities) catalog.

The three actively exploited vulnerabilities are detected in:-

  • TP-Link
  • Apache
  • Oracle

Here below we have mentioned the vulnerabilities:-

  • CVE-2023-1389
  • CVE-2021-45046
  • CVE-2023-21839

Federal Government agencies and enterprises face a significant number of risks as a result of vulnerabilities of this type, which are prone to be exploited by threat actors.

Flaw profile

  • CVE ID: CVE-2023-1389 
  • CVSS score: 8.8
  • Description: TP-Link Archer AX-21 Command Injection Vulnerability
  • Severity: High
  • Date Added to Catalog: 2023-05-01
  • CVE ID: CVE-2021-45046
  • CVSS score: 9.0
  • Description: Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • Severity: Critical
  • Date Added to Catalog: 2023-05-01
  • CVE ID: CVE-2023-21839
  • CVSS score: 7.5
  • Description: Oracle WebLogic Server Unspecified Vulnerability
  • Severity: High
  • Date Added to Catalog: 2023-05-01

TP-Link Archer AX-21 routers are vulnerable to remote code execution due to a command injection flaw (CVE-2023-1389).

Since April 11, 2023, threat actors linked with the Mirai botnet have utilized the vulnerability, as reported by Trend Micro’s Zero Day Initiative.

CVE-2021-45046, it’s a remote code execution vulnerability that came to light in December 2021.

This vulnerability affects the Apache Log4j2 logging library, and it is the second flaw added to the KEV catalog.

While there is no clear indication of how the vulnerability is being exploited, GreyNoise’s data suggests that in the past 30 days, 74 unique IP addresses attempted to exploit it.

In the following Oracle WebLogic Server versions the list concludes with a high-severity vulnerability:-


Data that is sensitive could be accessed without authorization as a result of this bug.

A patch for the problem was, however, released in January 2023 as a part of the company’s update release.

By gaining network access through T3, IIOP, an unauthorized threat actor could easily exploit the unknown vulnerability that is present in Oracle WebLogic Server to compromise it.

Although there are PoC exploits available for the vulnerability, no instances of malicious exploitation have been reported in the public domain.

BOD 22-01 created the KEV (Known Exploited Vulnerabilities) Catalog as a dynamic list of CVEs that pose a substantial risk to the federal enterprise.

While apart from this, CISA urged to safeguard the networks against these active threats, by May 22, 2023, FCEB (Federal Civilian Executive Branch) agencies must implement the patches and fixes provided by the vendors.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.