The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding several popular TP-Link router models, stating that these devices are once again being exploited by malicious actors.
This alert highlights a severe command injection vulnerability, with a high severity score of 8.8, affecting three specific TP-Link router models: TP-Link TL-WR940N, TP-Link TL-WR841N, and TP-Link TL-WR740N. Although the flaw was discovered a few years ago, its entry in CISA’s Known Exploited Vulnerabilities Catalog was recently updated, suggesting a resurgence in exploitation by attackers.
The vulnerability allows attackers to execute unauthorized commands on affected TP-Link routers. The core of the issue lies within the router’s web management interface, where a specific parameter in a GET request is improperly validated. This oversight lets threat actors inject malicious commands that the router then executes. The risk is amplified for publicly exposed routers with remote access features enabled, though attackers can also exploit the flaw from within the same network.
CISA emphasized that “these vulnerabilities and others of the same type are frequent attack vectors for malicious cyber actors and pose a significant risk to the federal enterprise.” In response to this threat, CISA has mandated that all federal agencies remove the affected routers from their networks by July 7, 2025. CISA also strongly urges other organizations and individual users to replace these models promptly.
The affected TP-Link router models are particularly vulnerable due to their age and lack of ongoing support. The TP-Link TL-WR940N (V2/V4), a widely popular consumer model, received its last firmware update in 2016. The TP-Link TL-WR841N (V8/V10) was last updated in 2015. Most critically, the TP-Link TL-WR740N (V1/V2) has not received any updates for fifteen years. All three models have reached their end-of-life status and will no longer receive security updates or patches.
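One way to find these units in an asset inventory, as an added example that is not from CISA or TP-Link: the script below normalizes free-form device descriptions and flags the models and hardware versions listed above. The inventory string formats and the status labels are assumptions made for illustration.

```python
import re

# Models and hardware versions named in the article above.
AFFECTED = {
    "TL-WR940N": {2, 4},
    "TL-WR841N": {8, 10},
    "TL-WR740N": {1, 2},
}

# Model token, tolerating a missing hyphen and mixed case ("tlwr841n").
MODEL_RE = re.compile(r"TL-?WR(\d{3})N", re.IGNORECASE)
# Hardware version after the model: "V4", "v10.0", "Ver:4.0", "version 2".
# Only the major number matters. Assumption: the text after the model
# holds the hardware revision, not a firmware version.
HWVER_RE = re.compile(r"\bV(?:er(?:sion)?)?[\s:.]*(\d{1,2})(?:\.\d+)?\b",
                      re.IGNORECASE)


def classify(entry: str) -> str:
    """Return 'affected', 'check-label' or 'not-listed' for one inventory line."""
    m = MODEL_RE.search(entry)
    if not m:
        return "not-listed"
    versions = AFFECTED.get(f"TL-WR{m.group(1)}N")
    if versions is None:
        return "not-listed"
    hw = HWVER_RE.search(entry[m.end():])
    if hw is None:
        # Model matches but the record has no hardware revision:
        # someone has to read the label on the device.
        return "check-label"
    return "affected" if int(hw.group(1)) in versions else "not-listed"


def scan(entries):
    """Return (entry, status) for every line that needs action."""
    results = [(e, classify(e)) for e in entries]
    return [(e, s) for e, s in results if s != "not-listed"]


# Constructed sample inventory lines, not real data.
SAMPLE = [
    "TP-Link TL-WR940N(EU) Ver:4.0",
    "tl-wr841n v10.0",
    "TL-WR841N V14",
    "TLWR740N",
    "Archer AX55 V1",
]

if __name__ == "__main__":
    for entry, status in scan(SAMPLE):
        print(f"{status:12} {entry}")
```

A "not-listed" result only means the entry does not match the models and versions named in this article.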
The primary recommendation for owners of these affected routers is to replace them immediately with newer models. Modern Wi-Fi routers benefit from frequent software updates and patches from manufacturers, which are crucial for maintaining security against evolving cyber threats. Beyond replacing outdated hardware, CISA advises users to employ robust cybersecurity practices, including the use of reputable antivirus software.
Many antivirus programs offer additional security features, such as Virtual Private Networks (VPNs), which can further protect users online. Furthermore, several router manufacturers, including TP-Link and Netgear, provide dedicated security packages designed to safeguard an entire home network. Outdated routers pose more than just security risks; they can also lead to a significantly degraded online experience, characterized by slower internet speeds and difficulties in managing the increasing number of connected devices in modern homes.
Upgrading to a newer router, such as those supporting Wi-Fi 6 or Wi-Fi 7 standards, not only provides better performance but also incorporates enhanced security features, offering an additional layer of protection for all devices on the network. Just as with outdated software, an old router can expose users to serious online risks. Therefore, CISA’s recommendations to replace these vulnerable devices should be taken with utmost seriousness to mitigate potential cyberattacks and ensure a secure and efficient internet experience.




