A Deep Dive Into Attempted Exploitation of CVE-2023-33538

Thursday, April 16, 2026 at 10:00 PM UTC·Source: Unit 42 (Palo Alto)

Updated: Thursday, April 16, 2026 at 10:04 PM UTC

Executive Summary

CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42 .

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2023-33538

NVD MITRE CVE

Source Attribution

Originally published by Unit 42 (Palo Alto) on Apr 16, 2026.

Related Threats

LOWMalware

U.S. authorities conduct cyber operations as part of global crackdown on DDoS-for-hire services

ANCHORAGE, Alaska – The U.S. Justice Department today announced court-authorized actions taken to disrupt some of the world’s leading Distributed Denial of Service (DDoS) Internet of Things (IoT) botnet services. U.S. authorities continue to focus resources on charging DDoS botnet administrators and seizing infrastructure, like websites, that allow paying users to launch powerful DDoS attacks....

Apr 17, 2026DataBreaches.net

MEDIUMMalware

ZionSiphon Malware Targets ICS in Water Facilities

The malware is configured to operate on systems associated with Israeli water treatment and desalination plants. The post ZionSiphon Malware Targets ICS in Water Facilities appeared first on SecurityWeek .

Apr 17, 2026SecurityWeek

MEDIUMMalware

ZionSiphon malware designed to sabotage water treatment systems

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]

Apr 16, 2026BleepingComputer