WEB TP-Link Multiple Routers Command Injection Vulnerability (CVE-2023-33538)

Rule ID

1236888

Severity

High

Description

The vulnerability is due to improper sanitization of user-supplied input in the ssid1 parameter handled by the /userRpm/WlanNetworkRpm endpoint. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request that injects shell commands, which the router's firmware executes with elevated privileges. Successful exploitation could lead to remote code execution on the affected device.

Impact

Remote command execution

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2023-33538

T1190

T1059.004

Keywords

N/A

Date Created

2025/06/17

Last Updated

2025/08/06

This website uses cookies to ensure you get the best experience on our website.