A critical vulnerability has been identified in several TP-Link router models, posing significant security risks to users worldwide. The affected models include the TL-WR940N (versions 2 and 4), TL-WR841N (versions 8 and 10), and TL-WR740N (versions 1 and 2). Rated with a CVSS score of 8.8, this command injection bug in the /userRpm/WlanNetworkRpm component allows remote attackers to execute arbitrary system commands on vulnerable devices.
The situation is exacerbated by the fact that these models have been discontinued, with support for the TL-WR841N and TL-WR740N ending prior to 2018, whereas TL-WR940N support ceased last year. The lack of available software updates effectively leaves these devices unprotected against emerging threats. Consequently, users worldwide face a heightened risk of exploitation, particularly given the active nature of attacks targeting this vulnerability. Additionally, TP-Link encourages responsible reporting of vulnerabilities to address potential security issues, highlighting their commitment to user safety.
The Cybersecurity and Infrastructure Security Agency (CISA) has responded to this urgent security issue by issuing warnings that the vulnerability is being actively exploited in the wild. The vulnerability, identified as CVE-2023-33538, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. CISA strongly advises users to discontinue the use of these vulnerable routers to mitigate potential security breaches. Organizations must report on the status of their remediation efforts, which highlights the pressing need for users to take action promptly.
Experts have highlighted that the capability of remote attackers to submit specially crafted requests to execute system commands compromises not just individual devices, but potentially larger networks as well.
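For defenders who still have one of these routers behind a proxy or IDS that records HTTP requests, the script below is an added example (not from the original article, TP-Link or CISA) that triages access-log lines for requests to the component named above whose decoded query values contain shell metacharacters. It assumes combined-log-format input; the parameter name `field1`, the addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Component path named in the article; matched case-insensitively as a substring.
VULN_PATH = "/userrpm/wlannetworkrpm"
# Heuristic: characters a shell treats as command separators or substitutions.
SHELL_META = re.compile(r"[;|&`\n\r]|\$\(")
# Minimal combined-log-format matcher: client, method, request target, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical parameter name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /userRpm/WlanNetworkRpm?field1=HomeNet HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /userRpm/WlanNetworkRpm?field1=a%3Bid HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] '
    '"GET /index.html?field1=a%3Bid HTTP/1.1" 404 0',
]

def suspicious_requests(lines):
    """Return (client, param, decoded_value) for each request to VULN_PATH
    whose query string carries a shell metacharacter after URL decoding."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, _status = m.groups()
        url = urlsplit(target)
        if VULN_PATH not in url.path.lower():
            continue  # request does not touch the affected component
        # parse_qsl percent-decodes values, so %3B is seen as ';'
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SHELL_META.search(value):
                hits.append((client, name, value))
    return hits

if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {client}: parameter {name!r} carries {value!r}")
```

A hit is a triage lead rather than proof of compromise; since no firmware fix is available for these models, the durable remedy remains replacing the device as CISA advises.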
The global threat environment remains concerning, as previous vulnerabilities in TP-Link routers have demonstrated a pattern of exploitation by sophisticated threat groups, such as Camaro Dragon. These developments underscore the necessity for immediate action and awareness among users to avert further security incidents.