TP-Link has announced a critical zero-day vulnerability affecting multiple router models, with patches underway for different regions. CISA has also issued warnings about other exploited vulnerabilities in TP-Link routers, linked to the Quad7 botnet threat actor. #TPLinkVulnerability #Quad7Botnet
Keypoints
- A zero-day buffer overflow vulnerability was found in TP-Link routers' CWMP implementation.
- Independent researcher Mehrun discovered the flaw and reported it to TP-Link in May 2024.
- The vulnerability could allow remote code execution through malicious SOAP payloads.
- Affected models include Archer AX10, Archer AX1500, and potentially others like EX141 and VR400.
- CISA warnings include exploited flaws CVE-2023-50224 and CVE-2025-9377, linked to the Quad7 botnet.