Known Exploited Vulnerability: CVE-2023-1389

TP-Link Archer AX-21 Command Injection Vulnerability

Catalog version: 2026.07.16 Date added: 2023-05-01 Due date: 2023-05-22 CISA catalog

Vendor: TP-Link

Product: Archer AX21

Required action: Apply updates per vendor instructions.

Known ransomware campaign use: Unknown

Notes: https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware https://nvd.nist.gov/vuln/detail/CVE-2023-1389

CWEs

cvelogic Threat Intelligence