CVE-2021-41653 – TP-Link / TL-WR840N EU v5 – RCE
Summary:
CVE-2021-41653 is a remote code execution (RCE) vulnerability impacting the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211. An exploit was observed in open source, a link to an exploit was shared in the underground, and a walk-through demo of an exploit was shared via YouTube. Additionally, security researchers claimed the vulnerability was exploited in the wild by the Dark Mirai botnet.
PoC Links (if available):
Kamillo Matek: TP-Link TL-WR840N EU v5 Remote Code Execution – https://k4m1ll0.com/cve-2021-41653.html
Known Counter Measures:
TP-Link addressed the vulnerability in a security advisory with updated versions.
Links to patches (if available):
https://www.tp-link.com/in/press/security-advisory/

 
