Article Details
Scrape Timestamp (UTC): 2025-09-04 10:07:28.495
Source: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
Original Article Text
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.
The vulnerabilities in question are listed below -
According to information listed on the company's website, the following router models have reached end-of-life (EoL) status -
However, TP-Link has released firmware updates for the two vulnerabilities as of November 2024 owing to malicious exploitation activity.
"The affected products have reached their End-of-Service (EOS) and are no longer receiving active support, including security updates," the company said. "For enhanced protection, we recommend that customers upgrade to newer hardware to ensure optimal performance and security."
There are no public reports explicitly referencing the exploitation of the aforementioned vulnerabilities, but TP-Link, in an advisory updated last week, linked in-the-wild activity to a botnet known as Quad7 (aka CovertNetwork-1658), which has been leveraged by a China-linked threat actor codenamed Storm-0940 to conduct highly evasive password spray attacks.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are being urged to apply the necessary mitigations by September 24, 2025, to secure their networks.
The development comes a day after CISA added another high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Range Extender products (CVE-2020-24363, CVSS score: 8.8) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Daily Brief Summary
CISA has added two TP-Link router vulnerabilities, CVE-2023-50224 and CVE-2025-9377, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.
TP-Link routers affected by these flaws have reached end-of-life status, meaning they no longer receive active support or security updates.
Despite the end-of-life status, TP-Link released firmware updates in November 2024 to address these vulnerabilities, responding to malicious exploitation activities.
The vulnerabilities are linked to the Quad7 botnet, used by a China-linked threat actor, Storm-0940, for conducting evasive password spray attacks.
Federal Civilian Executive Branch agencies are advised to implement necessary mitigations by September 24, 2025, to protect their networks from potential threats.
This alert follows a similar CISA action on another TP-Link vulnerability, CVE-2020-24363, affecting the TL-WA855RE Wi-Fi Range Extender.
Organizations are encouraged to upgrade to newer hardware to ensure continued security and optimal performance against emerging threats.