Threat actors are actively exploiting a two-year-old security vulnerability in discontinued TP-Link routers, specifically models like TL-WR940N, TL-WR841N, and TL-WR740N. CISA has warned users to cease using these outdated devices and has added the CVE-2023-33538 vulnerability to its KEV list due to active exploitation.
Key points
- The CVE-2023-33538 vulnerability allows remote command execution on affected TP-Link routers.
- The impacted models have been discontinued and are no longer receiving software updates from TP-Link.
- Proof-of-concept exploit code was published but has been removed from GitHub.
- CISA recommends discontinuing use of these routers and updating other vulnerable devices like Apple products.
- Active exploitation has been linked to targeted attacks, including on journalists' devices.