June 19, 2025
Severity
High
Analysis Summary
Hackers are actively exploiting a critical vulnerability in outdated TP-Link routers, prompting a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The flaw, tracked as CVE-2023-33538, is a command injection vulnerability with a CVSS score of 8.8 that allows remote, unauthenticated attackers to execute arbitrary commands via the web management interface. Although the flaw was discovered in 2023, its weaponization in real-world attacks has only recently escalated, raising concerns among security experts.
The vulnerability affects several widely used but now obsolete TP-Link models, including:
- TP-Link TL-WR940N (versions V2 and V4) – last updated in 2016.
- TP-Link TL-WR841N (versions V8 and V10) – last updated in 2015.
- TP-Link TL-WR740N (versions V1 and V2) – last updated 15 years ago.
These models remain available on platforms like Amazon, despite being out of support and highly vulnerable to attacks. The risk is especially high for routers with remote management enabled, but internal network compromise is also possible through infected devices like laptops or smartphones.
CISA has added CVE-2023-33538 to its Known Exploited Vulnerabilities Catalog, requiring all U.S. federal agencies to remove affected devices by July 7, 2025. The agency strongly recommends that individuals and private organizations follow suit.
TP-Link has faced criticism for inconsistent support policies and unclear hardware revision labeling, which can lead consumers to unknowingly buy outdated, unsupported devices. The case underscores the growing danger of obsolete consumer technology remaining in active use.
Security experts stress that replacing these routers is not just a technical update, but a crucial step in protecting home and enterprise networks from modern threats.
Impact
- Unauthorized Access
- Command Execution
Indicators of Compromise
CVE
CVE-2023-33538
Affected Vendors
- TP-Link
Affected Products
- TP-Link TL-WR940N V2/V4
- TP-Link TL-WR841N V8/V10
- TP-Link TL-WR740N V1/V2
Remediation
- Immediately stop using outdated TP-Link router models (TL-WR940N V2/V4, TL-WR841N V8/V10, TL-WR740N V1/V2)
- Replace legacy routers with modern, supported devices receiving regular firmware updates
- Disable remote management features on routers if not essential
- Regularly check for and apply firmware updates from trusted vendor sources
- Conduct network scans to identify and isolate vulnerable devices
- Implement firewall rules to restrict unauthorized access to router management interfaces
- Educate users about risks of using end-of-life hardware
- Maintain an updated inventory of all network hardware with version and support status
- Monitor CISA’s Known Exploited Vulnerabilities Catalog for emerging threats
- Segment home or organizational networks to reduce the blast radius of potential compromise
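The inventory and scanning items above depend on matching free-text device labels against the affected model and hardware revision list, which the unclear revision labeling mentioned earlier makes error-prone. The following is an added example, not part of the original advisory: the label formats it parses and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected models and hardware revisions, as listed in this advisory.
AFFECTED = {"TL-WR940N": {2, 4}, "TL-WR841N": {8, 10}, "TL-WR740N": {1, 2}}

# Assumption: labels name the model and mark the hardware revision as "V4",
# "v4.0", "Ver:4.0", "Version 4" or "Rev 4". Firmware version strings placed
# after the model name are not distinguished from hardware revisions.
MODEL_RE = re.compile(r"TL[-\s]?(WR\d{3}N)(?![A-Z0-9])", re.IGNORECASE)
REV_RE = re.compile(r"(?:\bver(?:sion)?|\brev|\bv)[\s.:]*(\d+)", re.IGNORECASE)


def classify(label):
    """Return (status, model, revision) for one free-text inventory label.

    status is "affected", "not_listed", or "check_revision" when the model is
    in the advisory but the label carries no readable hardware revision.
    """
    m = MODEL_RE.search(label)
    if not m:
        return ("not_listed", None, None)
    model = "TL-" + m.group(1).upper()
    if model not in AFFECTED:
        return ("not_listed", model, None)
    r = REV_RE.search(label[m.end():])
    if not r:
        return ("check_revision", model, None)
    rev = int(r.group(1))
    return ("affected" if rev in AFFECTED[model] else "not_listed", model, rev)


def audit(inventory):
    """Map hostname -> classification for every device that needs action."""
    results = {host: classify(label) for host, label in inventory.items()}
    return {h: c for h, c in results.items() if c[0] != "not_listed"}


# Constructed sample inventory (hostnames and label strings are made up).
SAMPLE = {
    "branch-gw-01": "TP-Link TL-WR940N V4",
    "lab-ap-02": "TL-WR841N(EU) Ver:10.0",
    "home-office-3": "tl-wr740n rev 2",
    "store-gw-07": "TL-WR841N",
    "hq-ap-11": "TL-WR841N v14",
    "hq-ap-12": "TL-WR841ND v3",
}

if __name__ == "__main__":
    for host, (status, model, rev) in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status} ({model} rev {rev})")
```

Devices reported as `check_revision` need the hardware revision read from the physical label before they can be cleared.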