A critical command injection vulnerability, tracked as CVE-2023-33538, has been targeted by hackers for over a year in outdated TP-Link router models, including the TL-TL-WR940N, TL-WR740N, and TL-WR841N. Despite the vulnerability's high CVSS score of 8.8, no successful exploitation has been reported. The flaw, located in the /userRpm/WlanNetworkRpm component, has been a focus of attention since its discovery, with CISA adding it to the Known Exploited Vulnerabilities catalog in June1. The ongoing attempts to exploit this vulnerability highlight the ongoing risk to users of these outdated router models. As the exploitation status of CVE-2023-33538 continues to evolve, it will determine whether this is a patch-now or monitor situation, making it crucial for practitioners to stay informed about the latest developments. This vulnerability's unresolved status matters to security professionals, as it may eventually be leveraged for malicious purposes, emphasizing the need for continued vigilance.
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
⚠️ Critical Alert
Why This Matters
CVE-2023-33538 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, April 20). CVE-2023-33538 under attack for a year, but exploitation still unsuccessful. *SecurityAffairs*. https://securityaffairs.com/191040/hacking/cve-2023-33538-under-attack-for-a-year-but-exploitation-still-unsuccessful.html
Original Source
SecurityAffairs
Read original →