The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a high-severity security vulnerability in several TP-Link wireless routers, designated CVE-2023-33538, that poses serious risks due to evidence of ongoing exploitation. The vulnerability, which has a CVSS score of 8.8, is a command injection flaw that allows arbitrary system commands to be executed when the ssid1 parameter is manipulated via specially crafted HTTP GET requests.
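The following Python example is added here and is not taken from CISA or TP-Link; it scans access-log lines for GET requests whose ssid1 value contains shell metacharacters after URL decoding, which is one way to look for the request pattern described above. The combined-style log format, the placeholder request path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Shell command separators and substitution syntax; an SSID rarely needs these,
# so a match is a candidate for triage rather than proof of exploitation.
SHELL_META = re.compile(r"[;|&`<>\n\r]|\$\(|\$\{")
# Assumed log layout: client address first, request line in double quotes.
REQUEST = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_ssid1(log_line):
    """Return (client, value) pairs for GET requests whose ssid1 holds shell syntax."""
    m = REQUEST.search(log_line)
    if not m or m.group("method") != "GET":  # the advisory concerns GET requests
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    for value in parse_qs(query, keep_blank_values=True).get("ssid1", []):
        # parse_qs decodes once; decode again to catch double-encoded input.
        if SHELL_META.search(value) or SHELL_META.search(unquote(value)):
            hits.append((m.group("client"), unquote(value)))
    return hits

# Constructed sample lines (documentation IPs, placeholder path), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER/wlan?ssid1=HomeNet&channel=6 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER/wlan?ssid1=x%3Becho%20test&channel=6 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /PLACEHOLDER/wlan?ssid1=x%2524%2528echo%2520test%2529 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "POST /PLACEHOLDER/wlan?ssid1=x%3Becho HTTP/1.1" 200 512',
]

def scan(lines):
    """Collect every suspicious (client, ssid1 value) pair across the given lines."""
    return [hit for line in lines for hit in suspicious_ssid1(line)]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent ssid1={value!r}")
```
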
CISA’s alert lists the affected models as the TP-Link TL-WR940N (versions V2 and V4), TL-WR841N (versions V8 and V10), and TL-WR740N (versions V1 and V2). The agency emphasized that users of these models should take immediate action to secure their devices, particularly as evidence indicates attempts to exploit this vulnerability in the wild. CISA’s notice indicates that it expects users to remediate these issues by July 7, 2025.
In light of the critical nature of this vulnerability and as these devices may be reaching end-of-life status, CISA has advised users to discontinue use if mitigation options are not available. Official support for the affected models has already ended, leaving users vulnerable, as TP-Link has confirmed that no updates or fixes will be provided.
While there is currently no detailed information on the nature or scale of the exploitation behind CVE-2023-33538, the cybersecurity community continues to monitor these incidents closely. CISA’s warning also comes on the heels of other vulnerabilities being targeted, including those affecting Zyxel firewalls, which underscores the ongoing threats that both individual and organizational networks face in an increasingly hostile cyber landscape.