Command Injection Vulnerability in TP-Link Routers
CVE-2023-33538

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-wr940n Firmware
Vendor: CVE Published:; 7 June 2023

Summary

Recent findings indicate a command injection vulnerability present in specific TP-Link router models, including TL-WR940N, TL-WR841N, and TL-WR740N. This vulnerability arises from improper handling of requests via the component /userRpm/WlanNetworkRpm, which could allow attackers to execute arbitrary commands on the device. Users of these routers should apply the latest firmware updates and follow best practices for securing their network environments to mitigate potential risks.

References

https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
May 22, 2023