CVE-2025-9377

HIGH KEV

TP-Link Archer C7(EU) V2 & TL-WR841N/ND(MS) V9 - Authenticated RCE

Title source: llm

Description

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

References (3)

[Product] https://www.tp-link.com/us/support/faq/4308/

[Vendor Advisory] https://www.tp-link.com/us/support/faq/4365/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9377

Scores

CVSS v3 7.2

EPSS 0.2220

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-09-03

VulnCheck KEV 2025-08-29

ENISA EUVD EUVD-2025-26234

CWE

CWE-78

Status published

Products (3)

tp-link/archer_c7_firmware < 241108

tp-link/tl-wr841nd_firmware < 241108

tp-link/tl-wr841n_firmware < 241108

Published Aug 29, 2025

KEV Added Sep 03, 2025

Tracked Since Feb 18, 2026