
TP-Link router vulnerability: US warns of active attacks on outdated models

Several popular TP-Link router models, which have long been out of support, have been attacked by hackers. A critical vulnerability could allow attackers to take complete control of the device.


According to TechRadar, the vulnerability is CVE-2023-33538 with a severity rating of 8.8 out of 10. It allows arbitrary commands to be executed on the device through "command injection", a classic flaw in systems that insufficiently filter user input.

The vulnerability is already being actively exploited: the US cybersecurity agency CISA has officially warned about it and added the CVE to its Known Exploited Vulnerabilities (KEV) catalog. The affected models are TP-Link TL-WR940N (V2/V4), TL-WR841N (V8/V10) and TL-WR740N (V1/V2), all of which were removed from support in 2010–2018.

Since the devices have reached End-of-Life (EoL) status, the manufacturer does not plan to release security updates. Because of this, the US government has set a deadline: by July 7, 2025, all responsible entities must completely remove these devices from their infrastructure. CISA recommends that ordinary users immediately stop using older models and switch to modern equipment.
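To find the listed devices in an asset inventory before removing them, the following added example (not from the article or from CISA) classifies inventory rows against the models and hardware revisions named above. The CSV columns, hostnames and the revision string formats ("V8.4", "Ver:4.0") are constructed assumptions.

```python
import csv
import io
import re

# Models and hardware revisions exactly as listed in the article.
AFFECTED = {"TL-WR940N": {2, 4}, "TL-WR841N": {8, 10}, "TL-WR740N": {1, 2}}

# The lookahead keeps sibling models such as "TL-WR841ND" from matching.
MODEL_RE = re.compile(r"TL-?WR(\d{3})N(?![A-Z0-9])", re.IGNORECASE)
# Assumed revision formats: "V8", "v10.1", "Ver:4.0", "Ver 2.0" (major number only).
HWREV_RE = re.compile(r"\bV(?:er)?[\s:.]*(\d+)", re.IGNORECASE)

def classify(model_field, hw_field=""):
    """Return affected, unknown-revision, revision-not-listed or not-listed."""
    text = f"{model_field} {hw_field}"
    m = MODEL_RE.search(text)
    if not m:
        return "not-listed"
    model = f"TL-WR{m.group(1)}N"
    if model not in AFFECTED:
        return "not-listed"
    rev = HWREV_RE.search(text[m.end():])
    if not rev:
        # Listed model, revision missing: check the label on the device.
        return "unknown-revision"
    if int(rev.group(1)) in AFFECTED[model]:
        return "affected"
    # The article names no other revisions; this result is not a clean bill of health.
    return "revision-not-listed"

def audit(csv_text):
    """Classify every row of an inventory with host, model, hw_version columns."""
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    return [(r["host"], classify(r["model"], r.get("hw_version") or "")) for r in rows]

# Constructed sample inventory.
SAMPLE = """
host,model,hw_version
gw-branch-01,TL-WR841N,V8.4
gw-branch-02,TL-WR940N(EU) Ver:4.0,
gw-lab-03,TL-WR841N,v13
gw-home-04,tl-wr740n,
gw-core-05,Archer C7,V5
gw-shop-06,TL-WR841ND,V8
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:14} {status}")
```

Rows reported as `unknown-revision` need a manual look at the device label before they can be cleared.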

Despite their age, some of these routers are still popular: one has over 9,000 positive reviews on Amazon, another over 77,000. That is why the potential damage from the vulnerability can be significant, especially if the routers are reachable from the Internet.

Such vulnerabilities are especially dangerous for network-connected devices with remote management enabled. Proof-of-concept attacks are already publicly available, so the risk increases every day. Most manufacturers have long recommended updating any equipment that has reached EoL, both hardware and software.

We previously reported that over 9,000 Asus routers worldwide have been compromised in a massive attack linked to a well-resourced, likely state-backed, attacker who gained permanent access to the devices, even after reboots or firmware updates.
