CISA warns TP-Link vulnerabilities exploited in active cyberattacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed – but there's another flaw being exploited as well.

CISA warned that two flaws, CVE-2023-50224 and CVE-2025-9377, have been exploited in the wild by persons unknown. The first issue allows an attacker without authentication to find authentication credentials by subverting httpd, while the second exposes the Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers to remote code execution.

"CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice," the agency warned.

Security officials had already warned about the growing influence of TP-Link in the American hardware market, with Rob Joyce, former head of the NSA's hacking team, noting that the Chinese manufacturer had grown its market share in the US from 10 percent in 2019 to nearly 60 percent by selling its kit at a loss. He suspects that its market share and links to the Chinese government puts American users at risk.

Another TP-Link flaw was also disclosed this week. A bug in the Customer Premises Equipment WAN Management Protocol (CWMP) leaves routers prone to crashing, according to security researcher Mehrun.

Read more -here-

• Electronic Arts will reportedly be acquired for $50B
• Amazon settles Prime allegations with FTC for $2.5 billion
• Spotify now directly integrates with DJ software
• Meta rolls out real-time translation feature on WhatsApp
• Nvidia to invest $5B in Intel and develop chips with onetime rival
• PayPal and Google seal partnership to enable AI-led commerce