These popular TP-Link routers could be facing some serious security threats - find out if you're affected

Multiple outdated routers are being targeted, CISA is warning.

Jun 18, 2025 - 17:10

  • CISA flags security issue affecting multiple TP-Link models
  • It allows threat actors to execute arbitrary system-level commands
  • Affected models have all reached end of life, so should be replaced anyway

Multiple TP-Link routers, which have long reached end-of-life (EoL) status, are being abused in real-life attacks, the US government is warning.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild.

A command injection vulnerability allows threat actors to execute arbitrary system-level commands on a server by exploiting improperly sanitized user input.

Popular routers

In this case, the bug is tracked as CVE-2023-33538 and has a severity score of 8.8/10 (high). It affects multiple models, including TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2.

All of these models reached their EoL long ago - between 2010 and 2018. That means that they are no longer receiving updates, and that TP-Link will not be addressing the command injection vulnerability mentioned above.

Usually, when a bug is added to KEV, Federal Civilian Executive Branch (FCEB) agencies have three weeks to apply the patch. Since there is no patch in this case, users are urged to replace old hardware with newer versions. The deadline to complete the removal is July 7, 2025.

Most OEMs advise this for all equipment that has reached end-of-life status, both hardware and software.

Despite being a decade old, these devices are still quite popular, as most can still be purchased on Amazon, where one of the models has more than 9,000 positive reviews, and another has more than 77,000 reviews and ranks well among other similar routers.

“Users should discontinue product utilization,” CISA warned on its website.

The proof-of-concept exploits are “widely available” online, Cybernews noted, highlighting that these types of flaws are most dangerous on publicly exposed routers with remote access features. That doesn’t mean they cannot be exploited from within the same local network.