Cybersecurity alert over TP-Link routers

Metro India News | Hyderabad

A major cybersecurity alert has been issued over older TP-Link routers, which are being actively targeted by hackers exploiting a high-severity vulnerability. Security researchers warn that attackers are using this flaw to spread Mirai-based malware and convert vulnerable devices into botnet “zombies” capable of launching large-scale cyberattacks.

The concern is heightened as many affected routers are end-of-life (EoL) models that no longer receive security updates, leaving users without official patches. Researchers from Unit 42 at Palo Alto Networks have identified the vulnerability as CVE-2023-33538, a command injection flaw that can be triggered through specially crafted HTTP requests to a router’s web interface. This allows unauthenticated attackers to execute commands and take full control of the device.

Once compromised, routers can be recruited into botnets used for distributed denial-of-service (DDoS) attacks, flooding servers with traffic and disrupting services. Reports indicate that large-scale automated exploitation attempts have been underway since early 2026, with the vulnerability now flagged as actively exploited.

Cybersecurity experts highlight that outdated devices are particularly at risk, as vendors discontinue updates, making them easy targets. Weak passwords and default credentials further increase exposure, enabling attackers to infiltrate networks and manipulate traffic. Compromised routers can also be used for credential harvesting and traffic redirection, where users are unknowingly diverted to fake websites that mimic legitimate platforms. This allows hackers to steal sensitive information such as login credentials.

Experts stress that there is no such thing as a “hack-proof” system and urge users to replace outdated routers, update firmware regularly, and use strong, unique passwords to reduce risk.