TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks.
www.bleepingcomputer.com
The researcher confirmed through testing that TP-Link Archer AX10 and Archer AX1500 use vulnerable CWMP binaries.
Mehrun also noted that EX141, Archer VR400, TD-W9970, and possibly several other router models from TP-Link are potentially affected.
Until TP-Link determines which devices are vulnerable and releases fixes for them, users should change default admin passwords, disable CWMP if not needed, and apply the latest firmware update for their device. If possible, segment the router from critical networks.