Hackers are looking for weak TP-Link home routers to spread Mirai-like malware, taking advantage of CVE-2023-33538 in a new round of automated attacks.
Current exploit attempts have some technical problems, but researchers say the bug is real and can be dangerous when used with default passwords and outdated firmware.
The vulnerability affects the TL‑WR940N v2/v4, TL‑WR740N v1/v2 and TL‑WR841N v8/v10 models, all of which are now end-of-life and no longer receive security updates.
CVE-2023-33538 is a command injection flaw in the web management interface of several legacy TP-Link Wi‑Fi routers. The flaw lies in the /userRpm/WlanNetworkRpm.htm endpoint, where the router handles Wi-Fi settings.
Hard-coded IP address and port in the update_bins function (Source: Unit42).
Input submitted in the ssid1 parameter is passed straight into a shell command without sanitization, which lets an attacker run arbitrary system commands on the device.
Public technical papers and old proof-of-concept exploits show how this parameter is misused to run system commands on the affected firmware.
Vendor Advice and Defender Guidance
TP-Link has said that the affected models are no longer supported and will not get updates. They recommend that customers replace them with newer hardware and not use default passwords.
Once the firmware (including the web admin panel) was emulated, the toolkit created a bridged network interface.
Emulated web admin panel (Source: Unit42).
Security alerts and CISA’s KEV entry suggest extra safety steps, like turning off remote access, separating IoT devices from important networks, and using strong, unique admin passwords.
Organizations that run security platforms can detect or block related activity through URL and DNS filtering, intrusion prevention and advanced malware analysis, flagging traffic destined for known Mirai-linked infrastructure.
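Two of the points above lend themselves to a concrete defender-side example: the allowlist check that a hardened handler should apply to the ssid1 value before it ever reaches a shell, and the detection logic that flags requests to the vulnerable endpoint whose ssid1 value would fail that check. The script below is an added example, not code from the article, from TP-Link or from Unit42. It takes only the endpoint path and parameter name from the article; the access-log format, the sample log lines and the 32-byte SSID limit (which comes from the 802.11 standard, not from the affected firmware) are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the article; everything else here is
# constructed for this example and is not taken from the firmware.
VULN_PATH = "/userRpm/WlanNetworkRpm.htm"
VULN_PARAM = "ssid1"

# Characters with meaning to a POSIX shell. A legitimate SSID never needs
# them, so an allowlist check can reject them outright.
SHELL_META = set(";|&`$()<>\n\r\\\"'")


def is_safe_ssid(value: str) -> bool:
    """Allowlist check a hardened handler should run before using an SSID.

    802.11 limits an SSID to 32 bytes (assumption for this example); we also
    reject control characters and shell metacharacters. The safe fix in
    firmware is to validate like this AND to avoid building a shell command
    string from the value at all.
    """
    raw = value.encode("utf-8", "surrogateescape")
    if not 0 < len(raw) <= 32:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return False
    return not (SHELL_META & set(value))


# Common-log-format style line; the format is an assumption for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def extract_ssid1(target: str):
    """Return the decoded ssid1 value if the request targets the vulnerable
    endpoint, else None. parse_qs splits on '&' before percent-decoding, so
    an encoded '&' inside the value stays inside the value."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM)
    return values[0] if values else None


def flag_suspicious(log_lines):
    """Return (client_ip, ssid1) pairs for requests to the vulnerable endpoint
    whose ssid1 value fails the allowlist check."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ssid = extract_ssid1(m.group("target"))
        if ssid is None:
            continue  # different endpoint or no ssid1 parameter
        if not is_safe_ssid(ssid):
            hits.append((m.group("ip"), ssid))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /userRpm/WlanNetworkRpm.htm?ssid1=HomeNet&Save=Save HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /userRpm/WlanNetworkRpm.htm?ssid1=x%3Btrue&Save=Save HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /userRpm/StatusRpm.htm HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /userRpm/WlanNetworkRpm.htm?ssid1=a%26%26true HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, ssid in flag_suspicious(SAMPLE_LOG):
        print(f"suspicious ssid1 from {ip}: {ssid!r}")
```

The detector deliberately reuses the same allowlist as the handler-side check: anything a hardened firmware build would refuse is exactly what a sensor in front of an unpatched, end-of-life unit should raise an alert on, and the shared definition keeps the two from drifting apart.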