Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers

Posted on By CWS

The US cybersecurity company CISA on Monday warned that risk actors are exploiting a two-year-old vulnerability affecting a number of discontinued TP-Hyperlink router fashions.

Tracked as CVE-2023-33538 (CVSS rating of 8.8), the bug is described as a command injection vulnerability within the /userRpm/WlanNetworkRpm element, and impacts the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 router fashions.

The problem permits distant attackers to submit particular requests, which permits them to execute arbitrary system instructions on weak units.

Proof-of-concept (PoC) exploit code concentrating on the safety defect was printed on GitHub final month, however has since been eliminated.

In response to TP-Hyperlink’s listing (PDF) of discontinued merchandise, help for the TL-WR841N and TL-WR740N routers was discontinued earlier than 2018. The corporate stopped offering software program updates for TL-WR940N final 12 months.

On Monday, CISA added CVE-2023-33538 to its Identified Exploited Vulnerabilities (KEV) listing, urging customers to stop utilization of the affected merchandise, as they’re not supported.

Moreover, the company warned of the lively exploitation of CVE-2025-43200, a vulnerability within the processing of maliciously crafted photographs and movies shared by way of an iCloud hyperlink, which impacts a number of Apple merchandise.

Apple addressed the safety defect in February, with the discharge of iOS 18.3.1, iPadOS 18.3.1, and macOS Sequoia 15.3.1, in addition to with updates for older platform iterations.Commercial. Scroll to proceed studying.

“Apple is conscious of a report that this subject could have been exploited in an especially refined assault in opposition to particular focused people,” the corporate’s up to date advisory reads.

Final week, Citizen Lab warned that the bug has been exploited to contaminate not less than two journalists’ telephones with Paragon’s ‘Graphite’ cellular hacking software program.

Per Binding Operational Directive (BOD) 22-01, federal companies have till July 7 to take away weak TP-Hyperlink routers from their environments and replace their Apple units to the most recent software program releases.

Associated: Vulnerability Exploitation Probably Behind Widespread DrayTek Router Reboots

Associated: Mandiant Uncovers Customized Backdoors on Finish-of-Life Juniper Routers

Associated: Apple Patches First Exploited iOS Zero-Day of 2025

Associated: 4-Religion Industrial Router Vulnerability Exploited in Assaults

Security Week News Tags:, , , , , ,

Related Posts

TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks Security Week News
Vulnerabilities Exposed Phone Number of Any Google User Security Week News
In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks Security Week News
Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities Security Week News
Cisco Patches Another Critical ISE Vulnerability Security Week News
Archetyp Dark Web Market Shut Down by Law Enforcement Security Week News