The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws that affect TP-link wireless routers to its known Exploited Vulnerabilities (KEV) catalogue, noting that there is evidence that they are being exploited in the wild.
The vulnerabilities in question are listed below –
CVE-2023-50224 (CVSS score: 6.5) – Authentication bypass by spoofing vulnerabilities in the HTTPD service of TP-Link TL-WR841N by default. 8.6) – Operating System Command Injection Vulnerability for TP-Link Archer C7 (EU) V2 and TL-WR841N/ND (MS) V9.
According to information listed on the company’s website, the following router models have reached end of life (EOL) status –
TL-WR841N (version 10.0 and 11.0) TL-WR841ND (version 10.0) Archer C7 (version 2.0 and 3.0)
However, TP-Link has released a firmware update for two vulnerabilities in November 2024 due to malicious exploitation activities.
“The affected products have reached the end of service (EOS) and are not receiving active support, including security updates,” the company said. “For enhanced protection, customers are encouraged to upgrade to new hardware to ensure optimal performance and security.”
Although there is no public report that explicitly refers to the exploitation of the aforementioned vulnerabilities, an advisory updated last week links TP-Link to a botnet known as Quad7 (aka Covertnetwork-1658).
In light of active exploitation, federal private enforcement sector (FCEB) agencies are being urged to apply the necessary mitigations to ensure their networks by September 24, 2025.
The development cites its known exploited vulnerability (KEV) catalogue, evidence of active exploitation, the day after CISA placed another high-strength security flaw affecting the TP-Link TL-Wi-Fi Ranger Extender product (CVE-2020-24363, CVSS score: 8.8).
Source link
