The US cybersecurity company CISA on Monday warned that risk actors are exploiting a two-year-old vulnerability affecting a number of discontinued TP-Hyperlink router fashions.
Tracked as CVE-2023-33538 (CVSS rating of 8.8), the bug is described as a command injection vulnerability within the /userRpm/WlanNetworkRpm element, and impacts the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 router fashions.
The problem permits distant attackers to submit particular requests, which permits them to execute arbitrary system instructions on weak units.
Proof-of-concept (PoC) exploit code concentrating on the safety defect was printed on GitHub final month, however has since been eliminated.
In response to TP-Hyperlink’s listing (PDF) of discontinued merchandise, help for the TL-WR841N and TL-WR740N routers was discontinued earlier than 2018. The corporate stopped offering software program updates for TL-WR940N final 12 months.
On Monday, CISA added CVE-2023-33538 to its Identified Exploited Vulnerabilities (KEV) listing, urging customers to stop utilization of the affected merchandise, as they’re not supported.
Moreover, the company warned of the lively exploitation of CVE-2025-43200, a vulnerability within the processing of maliciously crafted photographs and movies shared by way of an iCloud hyperlink, which impacts a number of Apple merchandise.
Apple addressed the safety defect in February, with the discharge of iOS 18.3.1, iPadOS 18.3.1, and macOS Sequoia 15.3.1, in addition to with updates for older platform iterations.Commercial. Scroll to proceed studying.
“Apple is conscious of a report that this subject could have been exploited in an especially refined assault in opposition to particular focused people,” the corporate’s up to date advisory reads.
Final week, Citizen Lab warned that the bug has been exploited to contaminate not less than two journalists’ telephones with Paragon’s ‘Graphite’ cellular hacking software program.
Per Binding Operational Directive (BOD) 22-01, federal companies have till July 7 to take away weak TP-Hyperlink routers from their environments and replace their Apple units to the most recent software program releases.
Associated: Vulnerability Exploitation Probably Behind Widespread DrayTek Router Reboots
Associated: Mandiant Uncovers Customized Backdoors on Finish-of-Life Juniper Routers
Associated: Apple Patches First Exploited iOS Zero-Day of 2025
Associated: 4-Religion Industrial Router Vulnerability Exploited in Assaults
