Hackers Unsuccessful in Exploiting Vulnerability in Discontinued TP-Link Routers, Reports Palo Alto Networks
Hackers have been attempting to exploit a vulnerability in discontinued TP-Link routers for over a year, but have so far been unsuccessful, according to a report by Palo Alto Networks. The vulnerability, identified as CVE-2023-33538, is an authenticated command injection issue that affects several models of TP-Link routers, including TL-WR940N v2 and v4, TL-WR740N v1 and v2, and TL-WR841N v8 and v10. The flaw, which has a CVSS score of 8.8, is due to the lack of sanitization of the ssid1 parameter in HTTP GET requests. Although proof-of-concept exploit code has been available for nearly three years, hackers have failed to exploit the flaw due to errors in the exploit code and incorrect targeting of parameters. The U.S. cybersecurity agency CISA has previously added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to discontinue the use of these devices.
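For defenders who still have these models in service, the following is an added example, not code from Palo Alto Networks or TP-Link. It triages HTTP GET requests for shell metacharacters in query parameters and marks whether each attempt reaches `ssid1`. It assumes Common Log Format lines from a proxy or sensor in front of the device; the path, the other parameter names and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

VULN_PARAM = "ssid1"  # parameter named in the CVE-2023-33538 description

# Heuristic: characters and sequences a shell treats specially. An SSID may
# legitimately contain some of them, so findings are triage leads, not verdicts.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(|\$\{")

# Common Log Format (assumed): client ... "METHOD target HTTP/x.y" ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def scan(lines):
    """Return (client, parameter, decoded_value, hits_vulnerable_param) per finding."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        # The advisory text concerns GET requests, so other methods are skipped.
        if not m or m.group("method") != "GET":
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes each value before the metacharacter check.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if SHELL_META.search(value):
                findings.append(
                    (m.group("client"), name, value, name == VULN_PARAM)
                )
    return findings

# Constructed sample lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /PLACEHOLDER_PATH?ssid1=HomeNet&channel=6 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] '
    '"GET /PLACEHOLDER_PATH?ssid1=HomeNet%3Becho%20test HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] '
    '"GET /PLACEHOLDER_PATH?other_param=x%3Becho%20test HTTP/1.1" 200 512',
    '203.0.113.4 - - [01/Jan/2025:10:00:12 +0000] '
    '"GET /PLACEHOLDER_PATH?ssid1=Caf%C3%A9%20WiFi HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, name, value, on_target in scan(SAMPLE_LOG):
        label = "targets ssid1" if on_target else "wrong parameter"
        print(f"{client} {name}={value!r} ({label})")
```

Attempts flagged as hitting a different parameter still indicate probing and are worth correlating by source address.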