A dangerous bug has been found in some old TP-Link Wi-Fi routers, and hackers are already taking advantage of it. The issue is called CVE-2023-33538, and it lets attackers take full control of your router by sending harmful commands through its settings page.
On June 14, 2025, the U.S. government’s cybersecurity agency CISA officially warned about this. They added it to their Known Exploited Vulnerabilities list, which means this flaw is being used in real attacks right now. U.S. government offices must fix it by July 7, 2025, and if you’re using one of these routers at home, you should act fast too.
The affected models include:
- TP-Link TL-WR940N (Versions 2 and 4)
- TP-Link TL-WR841N (Versions 8 and 10)
- TP-Link TL-WR740N (Versions 1 and 2)
These are older routers that many people still use at home, but they may no longer get updates from TP-Link. That means even if you want to fix the problem, there might not be a software patch available, so the safest option is to replace them.
The problem comes from a part of the router’s settings that controls Wi-Fi. Hackers can trick the router into running bad commands using this area. Once they do that, they can take over your device. This lets them spy on what you do online, steal your personal info, or even use your router in bigger cyberattacks.
CISA recommends that everyone update their router’s firmware immediately. If there’s no update available for your model, it’s best to stop using it completely. You can also block unknown access to your router settings using firewall tools or by turning off remote access features.
This isn’t just a warning, it’s a real problem happening right now. Cybercriminals are already using this trick, and people who don’t fix it are at serious risk.
To make things worse, another big bug was also found in Zyxel firewalls on the same day. That shows just how often these kinds of internet-connected devices are being targeted.
If you’re not very tech-savvy, don’t worry. Here’s what to do:
- Check the model number of your TP-Link router (usually written on the back).
- Visit TP-Link’s official website and see if there’s an update (firmware) for it.
- If no update is available, it’s time to buy a new, secure router.
- Change your router’s default password, and turn off remote access if you don’t need it.
This situation is a reminder that even common devices like routers need regular updates and care. A small bug can lead to big trouble if ignored.
If you’re using one of the affected routers, please don’t wait. Either update it right away or replace it. Better safe than sorry.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
