CVE-2025-9377
HIGH7.2CVSS v3
—CVSS v2
26.91%
EPSS (exploit probability)
CWE-78CWE
Description
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected routers (2)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch Status |
|---|---|---|---|---|---|
| TP-Link | TP-Link Archer C7 | — |
versionEndExcluding=241108 | 241108 | Patched |
| TP-Link | TP-Link TL-WR841N | — |
versionEndExcluding=241108 | 241108 | Patched |