CVE-2023-33538
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
07/06/2023
Last modified:
27/10/2025
Description
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr940n:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr940n:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr841n:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr841n:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr740n:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wr740n:2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/
- https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33538
- https://www.tp-link.com/us/support/faq/3562/