- CISA flags a security flaw affecting several TP-Link models
- It allows threat actors to execute arbitrary system-level commands
- The affected models have all reached end of life, so they have to be replaced anyway
Several TP-Link routers, which reached end-of-life (EOL) status long ago, are being abused in real-world attacks, the US government warns.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild.
A command injection vulnerability allows threat actors to execute arbitrary system-level commands on a server by exploiting poorly sanitized user input.
Popular routers
In this case, the bug is tracked as CVE-2023-33538 and has a severity score of 8.8/10 (high). It affects several models, including TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10 and TL-WR740N V1/V2.
All these models reached their EOL a long time ago, between 2010 and 2018.
Usually, when a bug is added to KEV, Federal Civilian Executive Branch (FCEB) agencies have three weeks to apply the patch. Given that in this case there is no fix, users are advised to replace the old equipment with newer models. The deadline to complete the replacement is July 7, 2025.
Most OEMs advise this for all equipment that has reached end of life, hardware and software alike.
Although they are a decade old, these devices are still very popular, since they can still be bought on Amazon, where one of the models has more than 9,000 positive reviews, and another has more than 77,000 reviews and ranks well among similar routers.
“Users must discontinue use of the products,” CISA warned on its website.
A proof of concept is “widely available” online, Cybernews noted, stressing that these types of flaws are most dangerous on publicly exposed routers with remote access features. This does not mean that they cannot be exploited from within the same local network.