Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins

BY Magicpotter 18. Juni 2025 0 comments

Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins

CISA flags security issue affecting multiple TP-Link models
It allows threat actors to execute arbitrary system-level commands
Affected models have all reached end of life, so should be replaced anyway

Multiple TP-Link routers, which have long reached end-of-life (EoL) status, are being abused in real-life attacks, the US government is warning.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild.

A command injection vulnerability allows threat actors to execute arbitrary system-level commands on a server by exploiting improperly sanitized user input.

Popular routers

In this case, the bug is tracked as CVE-2023-33538 and has a severity score of 8.8/10 (high). It affects multiple models, including TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2.

All of these models reached their EoL long ago – between 2010 and 2018. That means that they are no longer receiving updates, and that TP-Link will not be addressing the command injection vulnerability mentioned above.

Usually, when a bug is added to KEV, Federal Civilian Executive Branch (FCEB) agencies have three weeks to apply the patch. Since in this case, there is no patch, users are urged to replace old hardware with newer versions. The deadline to complete the removal is July 7, 2025.

Most OEMs advise this for all of the equipment that reached end-of-life status, both hardware, and software.

Despite being a decade old, these devices are still quite popular – as ,ost can still be purchased on Amazon, where one of the models has more than 9,000 positive reviews, and another has more than 77,000 reviews and ranks well among other similar routers.

“Users should discontinue product utilization,” CISA warned on its website.

The proof-of-concept exploits are “widely available” online, Cybernews noted, highlighting these types of flaws are most dangerous on publicly exposed routers with remote access features. It doesn’t mean they cannot be exploited within the same local network.

Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins

I tested a bunch of gaming laptops and these are the best

Canada orders Chinese video surveillance tech provider Hikvision to cease all operations and close its business in the country over national security concerns (Yi Wei Wong/Bloomberg)

Look Up on Friday Night and You Just Might See the Bootids Meteor Shower

Humanoids are coming to America: Foxconn’s robot army could build Nvidia’s next-gen servers from scratch

Universal Asked That Scenes Be Added Back Into ‘Jurassic World Rebirth’

Leave a Comment Cancel reply

Mattress Shopping Terms to Know (2025)

Google Gemini’s Scheduled Actions Are Finally Live

I tested a bunch of gaming laptops and these are the best

Useful links

Latest Product

Trending

Latest News

Menu