TP-Link

The Ballista botnet has been identified as exploiting a significant security vulnerability in TP-Link Archer routers, impacting various sectors including manufacturing, healthcare, services, and technology across multiple countries such as the United States, Australia, China, and Mexico. Over 6,500 devices have been found to be susceptible to the botnet, which utilizes an unpatched remote code execution flaw to automate its spread and establish control over these devices. This has raised security concerns, particularly given the involvement of critical infrastructure, and has necessitated a push for better management and identification of Internet of Things (IoT) devices to mitigate such risks.

Source: https://securityaffairs.com/175278/malware/ballista-botnet-exploits-unpatched-tp-link-flaw.html

"id": "tp-001031825",
"linkid": "tp-link-corporation",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"