


Perceptive Security
SOC/SIEM Consultancy

A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Published:
16 April 2026 at 22:00:13
Alert date:
16 April 2026 at 23:01:38
Source:
unit42.paloaltonetworks.com
Network Infrastructure, Mobile & IoT, Ransomware & Malware
CVE-2023-33538 is a command injection vulnerability affecting TP-Link routers that allows remote code execution. Unit 42 researchers analyzed exploitation attempts targeting this vulnerability in the wild. The attacks use payloads characteristic of Mirai botnet malware, indicating active exploitation by threat actors. The vulnerability represents a significant threat to network infrastructure as it affects widely deployed consumer and enterprise networking equipment. Successful exploitation allows attackers to gain control of affected devices and potentially incorporate them into botnets for further malicious activities.
Technical details
Mitigation steps:
Affected products:
TP-Link routers
Related links:
https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/
https://unit42.paloaltonetworks.com
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
