Remote Command Execution Vulnerability in TP-Link Archer C7 and TL-WR841N
CVE-2025-9377

8.6HIGH

Key Information:

Vendor: Tp-link Systems Inc.
Status: Archer C7(eu) V2; Tl-wr841n/nd(ms) V9
Vendor: CVE Published:; 29 August 2025

🔔 Create Tp-link Systems Inc. Vulnerability Alert

Badges

👾 Exploit Exists🟣 EPSS 18%🦅 CISA Reported📰 News Worthy

What is CVE-2025-9377?

An authenticated remote command execution vulnerability has been identified in the parental control page of the TP-Link Archer C7 (EU) V2 and TL-WR841N/ND (MS) V9 routers. This vulnerability allows attackers with valid credentials to execute arbitrary commands on the affected devices. Notably, both products have reached end-of-life (EOL) status, meaning they may no longer receive official security updates. Users are strongly encouraged to consider upgrading to newer models for improved security and performance. If immediate replacement is not feasible, a patch is available for download and installation.

CISA has reported CVE-2025-9377

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-9377 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Archer C7(EU) V2 0 < 241108

TL-WR841N/ND(MS) V9 0 < 241108

News Articles

BleepingComputer

CVE-2023-50224 CVE-2025-9377

New TP-Link zero-day surfaces as CISA warns other flaws are exploited

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks.

3 weeks ago