1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. TP-Link Multiple Routers Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-33538 TP-Link Multiple Routers Command Injection Vulnerability exploitation_technique T1068 Exploitation for Privilege Escalation
Comments
End-of-life TP-Link routers contain an improper input sanitization flaw that attackers can exploit by sending specially crafted HTTP GET requests to the web interface, leading to privilege escalation and arbitrary code execution.
References
  1. https://www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/
CVE-2023-33538 TP-Link Multiple Routers Command Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
End-of-life TP-Link routers contain an improper input sanitization flaw that attackers can exploit by sending specially crafted HTTP GET requests to the web interface, leading to privilege escalation and arbitrary code execution.
References
  1. https://www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/