TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-33538 | TP-Link Multiple Routers Command Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
End-of-life TP-Link routers contain an improper input sanitization flaw that attackers can exploit by sending specially crafted HTTP GET requests to the web interface, leading to privilege escalation and arbitrary code execution.
References
|
| CVE-2023-33538 | TP-Link Multiple Routers Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
End-of-life TP-Link routers contain an improper input sanitization flaw that attackers can exploit by sending specially crafted HTTP GET requests to the web interface, leading to privilege escalation and arbitrary code execution.
References
|