- CISA flags a security problem that affects multiple TP-Link models
- It allows threat actors to execute arbitrary commands at the system level
- The affected models have reached end of life, so they must be replaced anyway
Multiple TP-Link routers that have reached end of life (EOL) are being abused in real-life attacks, the United States government is warning.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is being exploited in the wild.
A command injection vulnerability allows threat actors to execute arbitrary commands at the system level on a device by exploiting user input that is not properly sanitized.
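As an added illustration of this bug class (example code written for this article, not the TP-Link firmware, which is not shown here), the snippet below contrasts a hypothetical router diagnostics handler that splices a user-supplied host into a shell string with a hardened version that allow-lists the input and never hands it to a shell.

```python
import re
import shlex
import subprocess

# Allow-list: a bare IPv4 address or DNS hostname, nothing else (constructed for this example).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_ping_command(host: str) -> str:
    """Insecure pattern: user input is concatenated into a shell command string,
    which is what a system()-style call in embedded firmware typically does.
    The string is returned, not executed, so it can be inspected safely."""
    return f"ping -c 1 {host}"


def shell_tokens(command: str) -> list[str]:
    """Tokenise a command the way a POSIX shell would, so the effect of an
    injected ';' (which ends one command and starts another) is visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def validate_host(host: str) -> bool:
    """Allow-list check: accept only characters a hostname or IPv4 address may contain."""
    return HOST_RE.match(host) is not None


def safe_ping_argv(host: str) -> list[str]:
    """Hardened pattern: reject anything outside the allow-list, then pass the value
    as its own argv element so no shell ever parses it."""
    if not validate_host(host):
        raise ValueError(f"rejected ping target: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe_ping(host: str) -> int:
    """Execute the validated argv without shell=True; returns the exit status."""
    return subprocess.run(safe_ping_argv(host), check=False).returncode
```

Feeding a constructed input such as `8.8.8.8; echo injected` to the vulnerable builder yields a string the shell splits into two commands, while `safe_ping_argv` rejects it before anything runs.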
Popular routers
In this case, the bug is tracked as CVE-2023-33538 and has a severity score of 8.8/10 (high). It affects multiple models, including the TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10 and TL-WR740N V1/V2.
All these models reached EOL long ago, between 2010 and 2018. That means they no longer receive updates, and that TP-Link will not address the command injection vulnerability described above.
In general, when a bug is added to KEV, Federal Civilian Executive Branch (FCEB) agencies have three weeks to apply the patch. Since there is no patch in this case, users are urged to replace the old hardware with newer models. The deadline to complete the removal is July 7, 2025.
Most OEMs give the same advice for all equipment that has reached end-of-life status, both hardware and software.
Despite being a decade old, these devices are still quite popular: they can still be bought on Amazon, where one of the models has more than 9,000 positive reviews, and another has more than 77,000 reviews and ranks well among similar routers.
“Users must suspend the use of the product,” CISA warned on its website.
Proof-of-concept exploits are “widely available” online, Cybernews observed, highlighting that these types of flaws are most dangerous in publicly exposed routers with remote-access features. That does not mean they cannot be exploited from within the same local network.