Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Published

2023-06-07T04:15:10.623

Last Modified

2025-07-11T14:49:22.130

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	tl-wr940n_firmware	-	Yes
Hardware	tp-link	tl-wr940n	2.0	No
Hardware	tp-link	tl-wr940n	4.0	No
Operating System	tp-link	tl-wr841n_firmware	-	Yes
Hardware	tp-link	tl-wr841n	8.0	No
Hardware	tp-link	tl-wr841n	10.0	No
Operating System	tp-link	tl-wr740n_firmware	-	Yes
Hardware	tp-link	tl-wr740n	1.0	No
Hardware	tp-link	tl-wr740n	2.0	No

References

https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md Broken Link, Exploit, Third Party Advisory ([email protected])
https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md Exploit, Third Party Advisory ([email protected])
https://www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/ Third Party Advisory ([email protected])
https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md Broken Link, Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.tp-link.com/us/support/faq/3562/ Product (134c704f-9b21-4f2e-91b3-4a467353bcc0)