TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Continued Scanning for CVE-2023-1389

2025-01-21

ATT&CK techniques detected

5 predictions
T1190 Exploit Public-Facing Application
91%
“##56, an authenticated command injection vulnerability in four-faith consumer router models. given that the affected firmware version also has default credentials, this essentially turns this vulnerability into a remote and unauthenticated command injection vulnerability. the n…”
T1190 Exploit Public-Facing Application
88%
“months (the window of our analysis), and for much longer in 2023 as well. cve-2022-22947, a spring cloud gateway code injection vulnerability, which has also appeared consistently in our top 10 for at least 12 months is in third place. cve-2020-11625, in fourth place th…”
T1584.008 Network Devices
52%
“widespread use of these routers in the usa and the ties of the company to china, and concerns about espionage or nation-state hacking activity. botpoke and top talkers we’ve continued to track a pattern of scanning associated with the botpoke scanner that first appeared in au…”
T1588.006 Vulnerabilities
51%
“traffic, followed by a monthly average of the remaining cves. the sudden re-emergence of scanning for cve-2020-11625 continues, at the right of the top row. on the leftmost cell of the second row, we can see the drop in scanning for cve-2020-8958 after its sudden inc…”
T1588.006 Vulnerabilities
51%
“average of all the other 138 cves we currently track and note that these show a similar level of scanning since last month. figure 3. traffic volume by vulnerability. this view accentuates the recent changes in cve-2020-11625, cve-2020-8958, cve-2018-10561, and cve-…”

Summary

TP-Link draws the attention of the US Government.