CVE-2023-33538: Command Injection
First published: Wed Jun 07 2023(Updated: )
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link WR940N Firmware | ||
| TP-Link TL-WR940N V2 Firmware | =2.0 | |
| TP-Link TL-WR940N V2 Firmware | =4.0 | |
| TP-Link TL-WRN841N Firmware | ||
| TP-Link TL-WR841ND Firmware | =8.0 | |
| TP-Link TL-WR841ND Firmware | =10.0 | |
| TP-Link TL-WR740N | ||
| TP-Link TL-WR740N V2 Firmware | =1.0 | |
| TP-Link TL-WR740N V2 Firmware | =2.0 | |
| All of | ||
| TP-Link WR940N Firmware | ||
| Any of | ||
| TP-Link TL-WR940N V2 Firmware | =2.0 | |
| TP-Link TL-WR940N V2 Firmware | =4.0 | |
| All of | ||
| TP-Link TL-WRN841N Firmware | ||
| Any of | ||
| TP-Link TL-WR841ND Firmware | =8.0 | |
| TP-Link TL-WR841ND Firmware | =10.0 | |
| All of | ||
| TP-Link TL-WR740N | ||
| Any of | ||
| TP-Link TL-WR740N V2 Firmware | =1.0 | |
| TP-Link TL-WR740N V2 Firmware | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-33538?
CVE-2023-33538 is a command injection vulnerability in TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 routers.
How severe is CVE-2023-33538?
CVE-2023-33538 has a severity score of 8.8, which is considered high.
Which TP-Link router models are affected by CVE-2023-33538?
CVE-2023-33538 affects TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 routers.
What is the component that contains the command injection vulnerability?
The command injection vulnerability in CVE-2023-33538 is found in the /userRpm/WlanNetworkRpm component.
Is there a fix available for CVE-2023-33538?
Currently, there is no official fix available for CVE-2023-33538. It is recommended to update to the latest firmware when it becomes available or apply any provided patches from the vendor.
- agent/type
- agent/severity
- agent/description
- agent/references
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/tp-link
- canonical/tp-link wr940n firmware
- canonical/tp-link tl-wr940n v2 firmware
- version/tp-link tl-wr940n v2 firmware/2.0
- version/tp-link tl-wr940n v2 firmware/4.0
- canonical/tp-link tl-wrn841n firmware
- canonical/tp-link tl-wr841nd firmware
- version/tp-link tl-wr841nd firmware/8.0
- version/tp-link tl-wr841nd firmware/10.0
- canonical/tp-link tl-wr740n
- canonical/tp-link tl-wr740n v2 firmware
- version/tp-link tl-wr740n v2 firmware/1.0
- version/tp-link tl-wr740n v2 firmware/2.0