OVERKILL
$100 Site Donor 2021
I often see a dismissive tone taken by certain people about the risk of their consumer-grade equipment actually getting targeted/attacked in the wild. Things like "I'm not worth the time" or "I'm not a big enough target", despite me explaining that this is mostly automated, performed by bots. High value targets may be worth personal investment time, but opportunistic targets; targets located by bots that can be automatically exploited don't require that initial time investment, which makes them worthwhile.
Here's a Meraki MX summary from a site I manage. Note that three times a TP-Link Archer Router command injection attempt was made against this piece of equipment (which isn't vulnerable).
Here's the details in the advisory:
https://www.zerodayinitiative.com/advisories/ZDI-23-451/
It was reported to TP-Link in January of 2023 but the advisory wasn't released to the public until April. TP-Link didn't release updated firmware until the end of June.
If Auto Update isn't enabled on the device (it's not enabled by default) then you would have had to have been aware of the, advisory, the release of the update, and then manually performed the upgrade, to not be vulnerable to it, which is why bots are trying to actively exploit it a year later.
Here's a Meraki MX summary from a site I manage. Note that three times a TP-Link Archer Router command injection attempt was made against this piece of equipment (which isn't vulnerable).
Here's the details in the advisory:
https://www.zerodayinitiative.com/advisories/ZDI-23-451/
It was reported to TP-Link in January of 2023 but the advisory wasn't released to the public until April. TP-Link didn't release updated firmware until the end of June.
If Auto Update isn't enabled on the device (it's not enabled by default) then you would have had to have been aware of the, advisory, the release of the update, and then manually performed the upgrade, to not be vulnerable to it, which is why bots are trying to actively exploit it a year later.
