TP-Link routers face exploitation attempt linked to high-severity flaw - Cybersecurity Dive

TP-Link routers face exploitation attempt linked to high-severity flaw Researchers warn a potential botnet is targeting a vulnerability in end-of-life devices. Published April 17, 2026 David Jones Reporter Share License Add us on Google A hostess waits for visitors at the TP-Link stand at the IFA 2020 Special Edition consumer electronics and appliances trade fair on the fair’s opening day, Sept. 3, 2020, in Berlin. Certain out-of-service models of TP-Link routers are facing exploitation attempts by a potential botnet in April 2026. Sean Gallup via Getty Images Hackers are attempting to exploit a high-severity flaw found in several end-of-life routers from TP-Link, according to a blog post published Friday by Palo Alto Networks’ Unit 42.  Researchers warn the observed payloads share similarities to those found in malware used in Mirai-like botnets. Such activity would involve attempts to download the malware and execute on vulnerable devices, according to researchers.  The vulnerability was originally disclosed in June 2023, and proof of concept exploits appeared prior to the disclosure, wrote Unit 42 researchers.  The Cybersecurity and Infrastructure Security Agency previously added the command injection vulnerability, tracked as CVE-2023-33538, to its Known Exploited Vulnerabilities catalog in July 2025.  Palo Alto Networks telemetry detected large-scale exploitation attempts at the time. Researchers caution that recently observed exploitation attempts have not been successful, but the underlying vulnerability is real.  They said successful exploitation would require authentication to the router’s web interface.  TP-Link confirmed the routers have reached end-of-life status and are no longer being supported and should therefore be replaced with hardware that is under support, according to the Unit 42 post. Users should also make sure default credentials are not being used.  The research follows years of concerns about the security of TP-Link routers, which have raised larger concerns about the security of foreign-linked networking equipment.  Forescout Research in October warned of critical flaws in TP-Link Omada routers. In early 2025 a botnet targeted critical flaws in TP-Link Archer routers in a campaign targeting U.S. organizations.  Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Vulnerability