Close Menu
TechurzTechurz
    What's Hot

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026

    The DeepMind trio who built a poker AI are now making money for quant hedge funds

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    • Clicks shows off its BlackBerry-inspired phone in a new hands-on video
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
    Cyber Reality

    CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

    TechurzBy TechurzSeptember 6, 2025Updated:May 10, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 04, 2025Ravie LakshmananVulnerability / Network Security

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.

    The vulnerabilities in question are listed below –

    • CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing vulnerability within the httpd service of TP-Link TL-WR841N, which listens on TCP port 80 by default, leading to the disclosure of stored credentials in “/tmp/dropbear/dropbearpwd”
    • CVE-2025-9377 (CVSS score: 8.6) – An operating system command injection vulnerability in TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 that could lead to remote code execution

    According to information listed on the company’s website, the following router models have reached end-of-life (EoL) status –

    • TL-WR841N (versions 10.0 and 11.0)
    • TL-WR841ND (version 10.0)
    • Archer C7 (versions 2.0 and 3.0)

    However, TP-Link has released firmware updates for the two vulnerabilities as of November 2024 owing to malicious exploitation activity.

    “The affected products have reached their End-of-Service (EOS) and are no longer receiving active support, including security updates,” the company said. “For enhanced protection, we recommend that customers upgrade to newer hardware to ensure optimal performance and security.”

    There are no public reports explicitly referencing the exploitation of the aforementioned vulnerabilities, but TP-Link, in an advisory updated last week, linked in-the-wild activity to a botnet known as Quad7 (aka CovertNetwork-1658), which has been leveraged by a China-linked threat actor codenamed Storm-0940 to conduct highly evasive password spray attacks.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are being urged to apply the necessary mitigations by September 24, 2025, to secure their networks.

    The development comes a day after CISA placed another high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products (CVE-2020-24363, CVSS score: 8.8) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

    actively CISA CVE202350224 CVE20259377 exploited flags flaws router TPLink
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleToday’s NYT Mini Crossword Clues And Answers For Saturday, September 6th
    Next Article Ahead of Apple’s iPhone event next week, here’s how the big smartphones stack up
    Techurz
    • Website

    Related Posts

    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Cyber Reality

    How AI Changing Cyber Crime: 7 Critical Shifts to Watch

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.