Official Statement on Archer AX21 Remote Code Execution Vulnerability (CVE-2023-1389)

Security Advisory
Updated 04-27-2023 16:04:32 PM 16929
This Article Applies to: 

TP-Link is aware of reports that the Remote Code Execution (REC) vulnerability detailed in CVE-2023-1389 in AX21 has been added to the Mirai botnet Arsenal.

TP-Link takes security vulnerabilities very seriously and actively deals with them upon receipt of notification. We have released firmware on the TP-Link official website and also pushed the firmware to customers' devices that are linked to a TP-Link Cloud account. Please click the following link for your hardware version:  V1.2, V1.26, V2.0, V2.6, V3.0, V3.6

The Archer AX21, if linked to a TP-Link ID, will automatically receive update notifications in the web administration interface and Tether application. TP-Link strongly recommends that you download and update to the latest firmware for this product model as soon as possible.


The vulnerability will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Is this faq useful?

Your feedback helps improve this site.

Recommend Products


TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >