Vulnerability Details CVE-2023-33538
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.918
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 8.8
Proposed Action
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Ransomware Campaign
Unknown
References
- https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/
- https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://www.tp-link.com/us/support/faq/3562/
Products affected by CVE-2023-33538
-
cpe:2.3:h:tp-link:tl-wr740n:1.0
-
cpe:2.3:h:tp-link:tl-wr740n:2.0
-
cpe:2.3:h:tp-link:tl-wr841n:10.0
-
cpe:2.3:h:tp-link:tl-wr841n:8.0
-
cpe:2.3:h:tp-link:tl-wr940n:2.0
-
cpe:2.3:h:tp-link:tl-wr940n:4.0
-
cpe:2.3:o:tp-link:tl-wr740n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:-