TP-Link

The Ballista botnet exploits an unpatched vulnerability in TP-Link Archer routers and has significantly impacted multiple sectors, including manufacturing, healthcare, services, and technology, across the U.S., Australia, China, and Mexico. Beyond its widespread presence in critical industries, the botnet uses the exploited routers for command and control (C2) channels, enabling DoS/DDoS attacks, data exfiltration, and persistent unauthorized access. With over 6,500 vulnerable devices identified, the threat actors behind Ballista have exhibited sophisticated capabilities that threaten not only individual organizations but also the integrity of IoT devices within critical infrastructure.

Source: https://securityaffairs.com/175278/malware/ballista-botnet-exploits-unpatched-tp-link-flaw.html

"id": "tp-001031725",
"linkid": "tp-link-corporation",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"