CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
美国网络安全机构CISA将TP-Link无线路由器的两个安全漏洞（CVE-2023-50224和CVE-2025-9377）加入已知被利用漏洞目录中，涉及认证绕过和命令注入风险（CVSS评分分别为6.5和8.6）。相关路由器型号已到生命周期结束状态，不再支持安全更新。尽管TP-Link发布了固件更新以应对恶意利用活动，但CISA指出这些漏洞已被用于构建僵尸网络（如Quad7），并与中国关联的威胁行为者有关联。 2025-9-4 10:3:0 Author: thehackernews.com(查看原文) 阅读量:9 收藏

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.

The vulnerabilities in question are listed below -

CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability within the httpd service of TP-Link TL-WR841N, which listens on TCP port 80 by default, leading to the disclosure of stored credentials in "/tmp/dropbear/dropbearpwd"
CVE-2025-9377 (CVSS score: 8.6) - An operating system command injection vulnerability in TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 that could lead to remote code execution

According to information listed on the company's website, the following router models have reached end-of-life (EoL) status -

TL-WR841N (versions 10.0 and 11.0)
TL-WR841ND (version 10.0)
Archer C7 (versions 2.0 and 3.0)

However, TP-Link has released firmware updates for the two vulnerabilities as of November 2024 owing to malicious exploitation activity.

"The affected products have reached their End-of-Service (EOS) and are no longer receiving active support, including security updates," the company said. "For enhanced protection, we recommend that customers upgrade to newer hardware to ensure optimal performance and security."

There are no public reports explicitly referencing the exploitation of the aforementioned vulnerabilities, but TP-Link, in an advisory updated last week, linked in-the-wild activity to a botnet known as Quad7 (aka CovertNetwork-1658), which has been leveraged by a China-linked threat actor codenamed Storm-0940 to conduct highly evasive password spray attacks.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are being urged to apply the necessary mitigations by September 24, 2025, to secure their networks.

The development comes a day after CISA placed another high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products (CVE-2020-24363, CVSS score: 8.8) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
如有侵权请联系:admin#unsafe.sh