CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers

CISA warns that a vulnerability impacting multiple discontinued TP-Link router models is exploited in the wild. The post Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers appeared first on SecurityWeek.

CISA

The US cybersecurity agency CISA on Monday warned that threat actors are exploiting a two-year-old vulnerability affecting multiple discontinued TP-Link router models.

Tracked as CVE-2023-33538 (CVSS score of 8.8), the bug is described as a command injection vulnerability in the /userRpm/WlanNetworkRpm component, and impacts the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 router models.

The issue allows remote attackers to submit special requests, which allows them to execute arbitrary system commands on vulnerable devices.

Proof-of-concept (PoC) exploit code targeting the security defect was published on GitHub last month, but has since been removed.

According to TP-Link’s list (PDF) of discontinued products, support for the TL-WR841N and TL-WR740N routers was discontinued before 2018. The company stopped providing software updates for TL-WR940N last year.

On Monday, CISA added CVE-2023-33538 to its Known Exploited Vulnerabilities (KEV) list, urging users to cease utilization of the affected products, as they are no longer supported.

Additionally, the agency warned of the active exploitation of CVE-2025-43200, a vulnerability in the processing of maliciously crafted photos and videos shared via an iCloud link, which impacts multiple Apple products.

Apple addressed the security defect in February, with the release of iOS 18.3.1, iPadOS 18.3.1, and macOS Sequoia 15.3.1, as well as with updates for older platform iterations.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company’s updated advisory reads.

Last week, Citizen Lab warned that the bug has been exploited to infect at least two journalists’ phones with Paragon’s ‘Graphite’ mobile hacking software.

Per Binding Operational Directive (BOD) 22-01, federal agencies have until July 7 to remove vulnerable TP-Link routers from their environments and update their Apple devices to the latest software releases.

Related: Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots

Related: Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

Related: Apple Patches First Exploited iOS Zero-Day of 2025

Related: Four-Faith Industrial Router Vulnerability Exploited in Attacks

Latest News

CYBERNEWSMEDIAPublisher