""CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice," the agency warned. Security officials had already warned about the growing influence of TP-Link in the American hardware market, with Rob Joyce, former head of the NSA's hacking team, noting that the Chinese manufacturer had grown its market share in the US from 10 percent in 2019 to nearly 60 percent by selling its kit at a loss."
"Another TP-Link flaw was also disclosed this week. A bug in the Customer Premises Equipment WAN Management Protocol (CWMP) leaves routers prone to crashing, according to security researcher Mehrun. It's possible that TP-Link will be the next candidate on the US rip-and-replace list at this rate, and American companies will be ruing the fact that cheap can be expensive in the long run. Then again, with Cisco's record, there may not be too many other options."
CISA warned that two TP-Link router vulnerabilities, CVE-2023-50224 and CVE-2025-9377, are being exploited in the wild and require immediate remediation. CVE-2023-50224 allows unauthenticated attackers to retrieve authentication credentials by subverting httpd, while CVE-2025-9377 enables remote code execution on Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 models. CISA advised prioritizing KEV Catalog vulnerability fixes as part of vulnerability management. Security officials noted TP-Link's US market share growth to nearly 60 percent, raising concerns about supply-chain risk. An additional CWMP bug causes routers to crash. Google denied reports that Gmail had been hacked.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]