Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins

CISA flags security issue affecting multiple TP-Link models
It allows threat actors to execute arbitrary system-level commands
Affected models have all reached end of life, so should be replaced anyway

Multiple TP-Link routers, which have long reached end-of-life (EoL) status, are being abused in real-life attacks, the US government is warning.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild.

A command injection vulnerability allows threat actors to execute arbitrary system-level commands on a server by exploiting improperly sanitized user input.

Popular routers

In this case, the bug is tracked as CVE-2023-33538 and has a severity score of 8.8/10 (high). It affects multiple models, including TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2.

All of these models reached their EoL long ago – between 2010 and 2018. That means that they are no longer receiving updates, and that TP-Link will not be addressing the command injection vulnerability mentioned above.

Usually, when a bug is added to KEV, Federal Civilian Executive Branch (FCEB) agencies have three weeks to apply the patch. Since in this case, there is no patch, users are urged to replace old hardware with newer versions. The deadline to complete the removal is July 7, 2025.

Most OEMs advise this for all of the equipment that reached end-of-life status, both hardware, and software.

Despite being a decade old, these devices are still quite popular – as ,ost can still be purchased on Amazon, where one of the models has more than 9,000 positive reviews, and another has more than 77,000 reviews and ranks well among other similar routers.

“Users should discontinue product utilization,” CISA warned on its website.

The proof-of-concept exploits are “widely available” online, Cybernews noted, highlighting these types of flaws are most dangerous on publicly exposed routers with remote access features. It doesn’t mean they cannot be exploited within the same local network.

https://cdn.mos.cms.futurecdn.net/dyv5FojGaddR7Q8G9db7ze.jpg

Source link

New Sky Original action movie Fuze has the most bizarre connection to Taylor Swift’s Eras Tour — and it could have shut down production

Why shouldn’t I indulge in Ninja’s Smart Kettle now it’s hit a record low price at Amazon?

Smeg’s tiny and stylish new milk frother will add a touch of flair to your morning coffee routine

Currys expands its Easter sale with dozens of new deals — I’ve found 24 top offers on TVs, laptops, appliances, and more

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Best Long-Lasting Press-on Nails for Airport Travel

Olivia Rodrigo Has Been Quietly Teasing the Babydoll Dress From Her ‘You Seem Pretty Sad’ Album Cover for Weeks

Why Mateo’s Change To Night Shift Is Important For The Pitt Season 2 Explained By Jalen Thomas Brooks

8 Action TV Heroes That Are Stronger Than Alan Ritchson’s Reacher

I was rejected 33 times and built a $390 million company — at 48 years old. Age bias in tech is costing us all

Australians cancel Easter travel as worries mount over fuel crisis

The Walmart billionaires next door: Quiet backlash is brewing against the heirs who remade the retailer’s hometown

Q4 impact: Bank stocks slump up to 32% in 3 months, but brokerages bet on SBI, HDFC Bank, 6 more stocks. Check why

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins

Best Long-Lasting Press-on Nails for Airport Travel

I was rejected 33 times and built a $390 million company — at 48 years old. Age bias in tech is costing us all

New Sky Original action movie Fuze has the most bizarre connection to Taylor Swift’s Eras Tour — and it could have shut down production

Olivia Rodrigo Has Been Quietly Teasing the Babydoll Dress From Her ‘You Seem Pretty Sad’ Album Cover for Weeks