Unrated severityCISA KEVNVD Advisory· Published Jun 7, 2023· Updated Dec 20, 2025
CVE-2023-33538
CVE-2023-33538
Description
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Affected products
1- TP-Link/TL-WR940Ndescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.mdmitre
- web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.mdmitre
- www.secpod.com/blog/cisa-issues-warning-on-active-exploitation-of-tp-link-vulnerability-cve-2023-33538/mitre
News mentions
1- A Deep Dive Into Attempted Exploitation of CVE-2023-33538Unit 42 · Apr 16, 2026