Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices


Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers. Discovered on January 10, 2024, by JPCERT/CC, this vulnerability has been assigned a CVSS score of 8.8, signifying its severity.

TP-Link, a trusted name in networking products, offers a wide range of solutions catering to both home and business users. Their routers, switches, Wi-Fi range extenders, and other devices have gained popularity for their reliability and affordability. The vulnerability affects models like the Archer AX3000, AX5400, AXE75, Deco X50, and XE200. It allows unauthenticated attackers nearby network access, enabling them to execute arbitrary OS commands. This flaw is not just a backdoor; it’s an open invitation to malicious actors, potentially allowing them to disrupt services, steal sensitive information, or enlist devices into botnets.

Read more…