Attackers are targeting TP-Link routers using CVE-2023-33538, a vulnerability that enables command injection, with the goal of delivering Mirai botnet malware payloads. This exploitation attempt highlights the expanding attack surface of disclosed vulnerabilities, allowing malicious actors to inject commands and potentially compromise router security. The characteristic payloads suggest a potential connection to Mirai botnet activity, which is known for its role in large-scale DDoS attacks and other malicious operations. As a result, organizations with exposed TP-Link routers should prioritize mitigation based on their specific exposure and available exploitation evidence1. The exploitation of CVE-2023-33538 underscores the importance of proactive vulnerability management, particularly for internet-facing devices like routers, to prevent the spread of malware and protect against potential attacks. This vulnerability poses a significant risk to network security, so practitioners should take immediate action to assess and address their exposure to CVE-2023-33538.