CISA issues critical warning about active exploits against discontinued TP-Link routers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a high-severity vulnerability (CVE-2023-33538) that is being actively exploited in the wild against several discontinued TP-Link router models. This vulnerability, which has a CVSS score of 8.8, affects the following devices:

• TP-Link TL-WR940N (V2/V4)
• TP-Link TL-WR841N (V8/V10)
• TP-Link TL-WR740N (V1/V2)

These models have reached end-of-life (EoL) status and are no longer receiving security updates from the manufacturer.

Technical Details of the Vulnerability

Proof-of-concept (PoC) exploit code was published online, making exploitation easier for malicious actors, though it has since been removed from GitHub. Remote attackers can exploit the vulnerability by sending specially crafted HTTP GET requests to the routers’ web management interface, specifically manipulating the ssid1 parameter. Improper input validation allows attackers to execute arbitrary system commands on the device.
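The following detection sketch is an added example, not code from CISA, TP-Link or the original article. It flags HTTP GET requests whose ssid1 parameter carries shell metacharacters. The common-log-format input (as a proxy or network sensor in front of the management interface might record it), the PLACEHOLDER_PATH request path, the sample lines and the metacharacter set are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters a shell would interpret and that an SSID submitted to the
# management interface has no reason to carry (assumed heuristic, not a
# vendor or CISA signature).
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Pulls the client address, method and request target out of a log line.
REQUEST = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Constructed sample lines: addresses are documentation ranges, the path is a
# placeholder (the article does not name the endpoint), payloads are inert.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2025:10:00:01 +0000] "GET /PLACEHOLDER_PATH?ssid1=HomeNet&region=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jul/2025:10:00:05 +0000] "GET /PLACEHOLDER_PATH?ssid1=HomeNet%3Bplaceholder&region=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jul/2025:10:00:09 +0000] "GET /PLACEHOLDER_PATH?ssid1=%60placeholder%60 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jul/2025:10:00:12 +0000] "POST /PLACEHOLDER_PATH?ssid1=a%3Bb HTTP/1.1" 200 512',
    'malformed line without a request',
]


def suspicious_ssid1(line):
    """Return (source, decoded ssid1 value) when the line is a GET request
    whose ssid1 parameter contains shell metacharacters, otherwise None."""
    m = REQUEST.match(line)
    # The article describes exploitation via GET, so other methods are skipped.
    if not m or m.group("method") != "GET":
        return None
    query = urlsplit(m.group("target")).query
    # parse_qsl percent-decodes values, so %3B and %60 are inspected as ; and `.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "ssid1" and SHELL_META.search(value):
            return m.group("src"), value
    return None


def scan(lines):
    """Return every (source, value) hit found in an iterable of log lines."""
    return [hit for hit in map(suspicious_ssid1, lines) if hit]


if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"ALERT src={src} ssid1={value!r}")
```

A hit indicates an attempt, not a successful compromise; because no patch exists for these models, the response to a hit on an affected device is still replacement.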

Exploitation and Impact

Attackers can use this flaw to gain unauthorized control over affected routers, potentially using them as entry points into larger networks or as platforms for further attacks. The vulnerability is especially dangerous for routers exposed to the internet, but can also be exploited from within local networks.

Scope and Prevalence

These TP-Link models are extremely popular, with tens of thousands of units still in use globally, particularly in home and small office environments. The affected models have not received firmware updates in years (some since 2015 or earlier), leaving them permanently vulnerable.

Official Response and Recommendations

The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to remove these routers from their environments by July 7, 2025. CISA strongly urges all organizations and individuals to immediately discontinue use of the affected TP-Link router models, as they are no longer supported and will not receive security patches. There are no official mitigations or patches for these discontinued products. The only effective solution is to replace the devices with supported, up-to-date hardware.