
"An attacker could send commands to this parameter. This would allow remote attackers to submit special requests, resulting in command injection and theoretically leading to arbitrary system command execution on the Wi-Fi router."
"Palo Alto Networks' dive into the exploitation attempts has confirmed the existence of the underlying vulnerability, while uncovering errors in the exploit code that prevented attackers from successfully exploiting the CVE."
A vulnerability in discontinued TP-Link routers, tracked as CVE-2023-33538, has been targeted by hackers for a year. The flaw is an authenticated command injection issue due to improper sanitization of the ssid1 parameter in HTTP GET requests. Affected models include TL-WR940N, TL-WR740N, and TL-WR841N. Despite proof-of-concept exploit code being available for three years, attempts to exploit the vulnerability have failed. Palo Alto Networks noted that hackers used Mirai-based payloads but encountered errors preventing successful exploitation.
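A defender reviewing web or proxy logs for this activity can screen GET request lines for shell metacharacters in the ssid1 value. The sketch below is an added example, not code from SecurityWeek, Palo Alto Networks or TP-Link; the request path, the sample lines and the function names are constructed for illustration, and the 32-byte limit is the standard 802.11 SSID maximum.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")
MAX_SSID_BYTES = 32  # 802.11 limits an SSID to 32 octets

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253B is seen as ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request_line(line):
    """Return the reasons the ssid1 value in a GET request line looks suspicious."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return []
    reasons = []
    query = urlsplit(parts[1]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != "ssid1":
            continue
        value = fully_decode(value)  # parse_qsl has already decoded once
        if SHELL_META.search(value):
            reasons.append("shell metacharacter in ssid1")
        if len(value.encode("utf-8")) > MAX_SSID_BYTES:
            reasons.append("ssid1 longer than 32 bytes")
    return reasons

# Constructed sample request lines; the path is a placeholder, not the router's real URL.
SAMPLES = [
    "GET /constructed/path?ssid1=HomeNet&region=1 HTTP/1.1",
    "GET /constructed/path?ssid1=HomeNet%3Bplaceholder-cmd HTTP/1.1",
    "GET /constructed/path?ssid1=HomeNet%253Bplaceholder-cmd HTTP/1.1",
    "GET /constructed/path?ssid1=" + "A" * 40 + " HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request_line(sample) or "clean", "<-", sample)
```

This is a triage heuristic: a legitimate SSID containing a character such as & will also be flagged, so hits need review against the device's configuration history.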
Read at SecurityWeek