AI description
CVE-2023-33538 is a command injection vulnerability found in TP-Link routers, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 models. The vulnerability exists within the `/userRpm/WlanNetworkRpm` component. This vulnerability allows an attacker to inject arbitrary commands into the system by manipulating an unknown input. Successful exploitation could lead to a compromise of confidentiality, integrity, and availability of the affected device. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.
- Description
- TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- tl-wr940n_firmware, tl-wr841n_firmware, tl-wr740n_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- TP-Link Multiple Routers Command Injection Vulnerability
- Exploit added on
- Jun 16, 2025
- Exploit action due
- Jul 7, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Almost a year ago, we investigated active exploitation of CVE-2023-33538. What looked simple wasn’t. The real risk came from routers using default credentials, still widespread across #IoT. https://t.co/zRQP5ydD8C
@Asher_Davila
27 Apr 2026
60 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
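TP-Link router vulnerability CVE-2023-33538: distribution of Mirai variants targeting EOL devices detected https://t.co/99d9SUAQ6o In older TP-Link routers, an old vulnerability, CVE-2023-33538, namely insufficient checking in the program that receives the Wi-Fi settings (SSID)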
@iototsecnews
23 Apr 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Hackers have been trying for over a year to exploit a #serious flaw (CVE-2023-33538) in outdated TP-Link routers, but so far without success. #CyberSecurity #InfoSec https://t.co/q3XDuzpqTU https://t.co/cpmrytvonf
@twelvesec
23 Apr 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link router owners beware | A Deep Dive Into Attempted Exploitation of CVE-2023-33538 #devopsish https://t.co/6NYcsj50qp
@ChrisShort
21 Apr 2026
140 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers (CVE-2023-33538) https://t.co/x8YvYGR4XC #security #cybersecurity
@eyalestrin
21 Apr 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful https://t.co/hvOlekFFjW #securityaffairs #hacking
@securityaffairs
21 Apr 2026
180 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful - https://t.co/vYykQEQBpS
@Whitehead4Jeff
20 Apr 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Year-long exploitation attempts against CVE-2023-33538 (CVSS 8.8) in TP-Link routers fail due to flawed attack code targeting wrong parameters and missing authentication. #DFIR_Radar https://t.co/sUz9mSQOfy
@DFIR_Radar
20 Apr 2026
132 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness A Deep Dive Into Attempted Exploitation of CVE-2023-33538 | 16-04-2026 Source: https://t.co/VeP4FwSsse Key details below ↓ 💀Threats: Mirai, Condi, 🎯Victims: Internet of things devices, Wireless routers, Tp link routers 🏭Industry: Io
@rst_cloud
20 Apr 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 TP-Link router flaw (CVE-2023-33538) targeted in active attacks Command injection attempts → Mirai-like malware delivery → botnet propagation attempts (unsuccessful due to flawed exploits & device limits) 💡 Lesson: Not every CVE = real-world compromise. Poor exp
@VivekIntel
20 Apr 2026
109 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. #CyberSecurity https://t.co/OIH2zvgAWi
@KlinkWow769
20 Apr 2026
50 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Active exploitation attempts of CVE-2023-33538, a command injection vulnerability in end-of-life TP-Link routers, were detected. The vulnerability allows attackers to inject commands via the ssid1 parameter, but requires authentication. https://t.co/g3MtHiAWAQ
@securityRSS
20 Apr 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful https://t.co/UlW0xddPDK
@hackplayers
20 Apr 2026
265 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful: Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to… https://t.co/lCDn3u07Vq
@shah_sheikh
20 Apr 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful https://t.co/hvOlekFFjW #securityaffairs #hacking @PaloAltoNtwks
@securityaffairs
20 Apr 2026
194 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks https://t.co/syfuJyeRnk
@PVynckier
19 Apr 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
• #CyberSecurity #CyberCrime #DataHack #DataPrivacy #DataTheft #DataLeaks #DataBreach 💾 • • #Hacked #Malware #Spyware #Zerodays #Ransomware #Phishing #Backdoor #RCE #RAT ☠️ • » Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Atte
@tatha_gautama
18 Apr 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting CVE-2023-33538 in outdated TP-Link routers to deploy Mirai-based botnets. Ensure your devices are updated or replaced to stay secure. #CyberSecurity #IoT #Botnet Link: https://t.co/EMXp7TZ7yh https://t.co/YwiiTfoc0w
@dailytechonx
18 Apr 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyber Alert: Hackers are actively exploiting TP-Link routers using Mirai malware through CVE-2023-33538 vulnerability. IoT devices are being added to botnets for large-scale attacks ⚠️ Secure your routers immediately Read more 👉 https://t.co/XdsEAvpZKT #IoT #Mirai #I
@Xploitzone_01
18 Apr 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Targeting of TP-Link devices with Mirai malware in attempts to exploit CVE-2023-33538 Attackers are targeting TP-Link devices using Mirai malware in attempts to exploit CVE-2023
@MisbarSec
18 Apr 2026
191 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-33538: Mirai Botnet Targets End-of-Life TP-Link Routers https://t.co/xMnrprCqzk
@cybrsecpath
18 Apr 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On observed attacks targeting the TP-Link Wi-Fi router vulnerability CVE-2023-33538. Reported by Palo Alto Networks. https://t.co/BrT0t4E2ZK
@__kokumoto
18 Apr 2026
608 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Unit 42 notes that CVE-2023-33538 enables command injection on TP-Link routers and discusses exploitation attempts using Mirai-like payloads. https://t.co/pqQZcI2NBe
@Cyber_O51NT
18 Apr 2026
808 Impressions
4 Retweets
14 Likes
6 Bookmarks
0 Replies
1 Quote
Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts https://t.co/G0u5CJ04Po
@R4yt3d
17 Apr 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: Hackers hit end-of-life TP-Link TL-WR940N, TL-WR740N, TL-WR841N routers via CVE-2023-33538, attempting Mirai-style botnet installs on devices using default credentials. https://t.co/kL01ivmKdR
@threatcluster
17 Apr 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link routers hit by Mirai in CVE-2023-33538 attacks https://t.co/myIW0Ksuuk
@TYOBlackHatNews
17 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyber Threat Radar 17 April 2026 Threat level ELEVATED (72/100) • 35 new incidents in NL/BE (24h) • CVE-2025-43300 (CVSS 10.0) actively exploited • CVE-2023-33538 attacks on TP-Link routers https://t.co/vdI4Uxbkfo #cyberdreiging #dreigingsradar #cybersecuri
@CCINLCybercrime
17 Apr 2026
203 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://t.co/CyFb9in271
@Dinosn
17 Apr 2026
1074 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Regarding observed traffic targeting CVE-2023-33538 (a command injection present in the discontinued TP-Link Wi-Fi routers TL-WR940N_v2/v4, TL-WR740N_v1/v2 and TL-WR841N_v8/v10), emulation of the TL-WR940N_V4 firmware and reverse
@MalwareBibleJP
17 Apr 2026
658 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Originally from Unit 42: A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://t.co/xxSMwoZWx3 ( :-{ı▓ #unit42 #threathunting #cyberresearch https://t.co/xVzxAPVIA9
@Cyb3rR3s34rch
17 Apr 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On observed attacks targeting the TP-Link Wi-Fi router vulnerability CVE-2023-33538. Reported by Palo Alto Networks. https://t.co/BrT0t4E2ZK
@__kokumoto
17 Apr 2026
664 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://t.co/h2XFMKfUv2
@pigram86
16 Apr 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://t.co/p1JAQNLx4J
@yactina1336
16 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unit 42 | A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://t.co/3EtwaAP5As
@StopMalvertisin
16 Apr 2026
197 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A Deep Dive Into Attempted Exploitation of CVE-2023-33538 Executive Summary We identified active, automated scans and probes attempting to exploit CVE-2023-33538 , a vulnerability in several end-of-life TP-Link Wi-Fi router models:
@RedHornet_Intel
16 Apr 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert #CISO https://t.co/mYOdNPmRP2 https://t.co/eSHKIb9aDa
@compuchris
24 Jul 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
@huseyin_y52727
30 Jun 2025
11 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-33538
@transilienceai
28 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert The U.S. Cybersecurity and Infrastruc 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech
@Edgeitech
25 Jun 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
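It's safer to replace PC-related equipment at least every 4 or 5 years. It could also end up being used as a stepping stone. TP-Link router vulnerability may be exploited (CVE-2023-33538) https://t.co/gvnD4lqtL2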
@AnxieLamb
23 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link router vulnerability may be exploited (CVE-2023-33538) #セキュリティ対策Lab #セキュリティ #Security https://t.co/J71yHPZl8C
@securityLab_jp
22 Jun 2025
189 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2023-33538, a command injection vulnerability in TP-Link routers (CVSS score: 8.8), to its KEV catalog due to active exploitation. Affected models include TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2. https://t.co/S95INSO5nY
@securityRSS
18 Jun 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert. CISA added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. https://t.co/rMS1IyDA4E https:/
@riskigy
18 Jun 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Exploit Alert – TP-Link AX21 (CVE-2023-33538) A critical bug allows remote code execution without login. Active attacks spotted in NA, SEA & EU. 🔗 PoC: https://t.co/I4D8hClsvh 📎 Technical breakdown: https://t.co/cfePEE6s8I #CyberSecurity #TPLink #CVE202333
@certcube
18 Jun 2025
184 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#CVE-2023-33538 TP-Link Multiple Routers Command #Injection #Vulnerability https://t.co/QtbSrWWj1Y
@ScyScan
18 Jun 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CVE-2023-33538 exposes command injection vulnerabilities in multiple TP-Link routers. Users should consider discontinuing use or applying vendor mitigations. Stay safe online! 🔒💻 #CyberSecurity #Vulnerability #TPLink @FreedomCoder https://t.co/kYksgjOcm
@prod42net
18 Jun 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Command injection vulnerability in TP-Link routers is being exploited in attacks: CISA warns (CVE-2023-33538) ⚠️New ClickFix malware variant "LightPerlGirl" discovered ~Cyber Alert, June 18~ https://t.c
@MachinaRecord
18 Jun 2025
194 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TP-Link router vulnerability CVE-2023-33538 being exploited, CISA warns https://t.co/AmcGp1Fbqv #Security #セキュリティ #ニュース
@SecureShield_
18 Jun 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just flagged a live exploit in TP-Link routers (CVE-2023-33538, CVSS 8.8) — attackers can run system commands remotely. Worse? Many affected models may be end-of-life, with no fix coming.
@Aizendcom
17 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Link Router #flaw #CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert https://t.co/mODWoxdrHN
@AdliceSoftware
17 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr940n:2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "68707068-83D6-460C-9107-1B86FC95F6DC",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr940n:4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "6212F19C-E507-43BC-B3F0-7DDABB84BE20",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr841n:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D1520C26-52D3-46E6-B11B-89C4085DDF23",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr841n:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "694B53D1-8714-4678-A9CF-51FF230C8BC4",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr740n:1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "6284AB5D-17FD-411B-99A1-948434193041",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr740n:2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5E7D2E14-77D8-4534-BBD1-D52ADA5B175F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]