CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

Posted on By CWS

Sep 04, 2025Ravie LakshmananVulnerability / Community Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added two safety flaws impacting TP-Hyperlink wi-fi routers to its Recognized Exploited Vulnerabilities (KEV) catalog, noting that there’s proof of them being exploited within the wild.
The vulnerabilities in query are listed beneath –

CVE-2023-50224 (CVSS rating: 6.5) – An authentication bypass by spoofing vulnerability throughout the httpd service of TP-Hyperlink TL-WR841N, which listens on TCP port 80 by default, resulting in the disclosure of saved credentials in “/tmp/dropbear/dropbearpwd”
CVE-2025-9377 (CVSS rating: 8.6) – An working system command injection vulnerability in TP-Hyperlink Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 that might result in distant code execution

In response to info listed on the corporate’s web site, the next router fashions have reached end-of-life (EoL) standing –

TL-WR841N (variations 10.0 and 11.0)
TL-WR841ND (model 10.0)
Archer C7 (variations 2.0 and three.0)

Nevertheless, TP-Hyperlink has launched firmware updates for the 2 vulnerabilities as of November 2024 owing to malicious exploitation exercise.
“The affected merchandise have reached their Finish-of-Service (EOS) and are not receiving lively help, together with safety updates,” the corporate mentioned. “For enhanced safety, we advocate that prospects improve to newer {hardware} to make sure optimum efficiency and safety.”
There aren’t any public reviews explicitly referencing the exploitation of the aforementioned vulnerabilities, however TP-Hyperlink, in an advisory up to date final week, linked in-the-wild exercise to a botnet often called Quad7 (aka CovertNetwork-1658), which has been leveraged by a China-linked risk actor codenamed Storm-0940 to conduct extremely evasive password spray assaults.
In gentle of lively exploitation, Federal Civilian Government Department (FCEB) businesses are being urged to use the mandatory mitigations by September 24, 2025, to safe their networks.
The event comes a day after CISA positioned one other high-severity safety flaw impacting TP-Hyperlink TL-WA855RE Wi-Fi Ranger Extender merchandise (CVE-2020-24363, CVSS rating: 8.8) to its Recognized Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation.

The Hacker News Tags:, , , , , , , ,

Related Posts

Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild The Hacker News
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access The Hacker News
Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More The Hacker News
Why Organizations Are Abandoning Static Secrets for Managed Identities Why Organizations Are Abandoning Static Secrets for Managed Identities The Hacker News
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware The Hacker News
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) The Hacker News