Vulnerability Details CVE-2025-9377
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.237
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-9377
-
cpe:2.3:h:tp-link:archer_c7:2.0
-
cpe:2.3:h:tp-link:tl-wr841n:v9
-
cpe:2.3:h:tp-link:tl-wr841nd:9
-
cpe:2.3:o:tp-link:archer_c7_firmware:-
-
cpe:2.3:o:tp-link:archer_c7_firmware:180114
-
cpe:2.3:o:tp-link:archer_c7_firmware:230602
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.16
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.18
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150310
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150616
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:201216
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:230506
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.13.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.16.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:4.17.16_build_120201_rel.54750n
-
cpe:2.3:o:tp-link:tl-wr841nd_firmware:-