CVE-2025-9377

Published Aug 29, 2025

Last updated 4 months ago

Exploit knownCVSS high 8.6
Port (80)

Overview

Description
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Analyzed
CNA Tags
unsupported-when-assigned
Products
tl-wr841n_firmware, tl-wr841nd_firmware, archer_c7_firmware

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
Exploit added on
Sep 3, 2025
Exploit action due
Sep 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 CISA Flags TP-Link Router Flaws 🚨 CVE-2023-50224 & CVE-2025-9377 added to KEV catalog — both are under active exploitation, threatening home & enterprise networks. 👉 Full blog: https://t.co/fPs67oC1gP

    @vulert_official

    29 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-9377 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

    @ZeroDayFacts

    21 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited #CISO https://t.co/pVcPadyS1D https://t.co/93QKHz7s75

    @compuchris

    18 Sept 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Vulnerabilidades en productos TP-Link ❗CVE-2025-9377 ➡️Más info: https://t.co/Zw3OWOJshg https://t.co/3MVz2Bczwk

    @CERTpy

    8 Sept 2025

    134 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CISA adds TP-Link router flaws (CVE-2023-50224 & CVE-2025-9377) to its KEV catalog. Attackers are exploiting them NOW. Upgrade your hardware ASAP. Read More: https://t.co/eSJqkpwXhc #CyberSecurity #CISA #tplink #CVE202350224 #CVE20259377 #Canada #CanadaCyberAwareness

    @FindSecCyber

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. csirt_it: La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day … https://t.co/FJ

    @Vulcanux_

    8 Sept 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day ⚠️#EPSS 🔗https://t.c

    @csirt_it

    8 Sept 2025

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. به تازگی ۲ آسیب پذیری با کدهای شناسایی CVE-2025-9377 برای مودم TP-Link مدل Archer C7(EU) از نوع OS command execution و آسیب پذیری با کد شناسایی CVE-2023-50224 برای مدل TL-WR841N از نوع authentication

    @AmirHossein_sec

    6 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/J7WHEhguth #CyberSecurity

    @EpicPlain

    5 Sept 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52Mc5jG & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @sirjameshackz

    4 Sept 2025

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA señala las fallas CVE-2023-50224 y CVE-2025-9377 del enrutador TP-Link como explotadas activamente. CISA agregó dos vulnerabilidades de TP-Link a su lista de fallas explotadas activamente. #ciberseguridad #cybersecurity https://t.co/1rB6PVxlpN

    @EHCGroup

    4 Sept 2025

    26 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. CISA Flags TP-Link Router #flaws #CVE-2023-50224 and #CVE-2025-9377 as Actively Exploited https://t.co/pYBBIXe91t

    @AdliceSoftware

    4 Sept 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA Warns of Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 #CyberSecurity #TPLink #CISA #CVE202350224 #CVE20259377 #RouterSecurity #HackingNews #Infosec #DataBreach #NetworkSecurity https://t.co/8mEvwasehs

    @cyashadotcom

    4 Sept 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. csirt_it: ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/qpiAHIYDFP … https

    @Vulcanux_

    4 Sept 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/ZqYm1FX2Pg ⚠ Mitigazioni di

    @csirt_it

    4 Sept 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/D3XOcDdxKE

    @chundefined

    4 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QXAF904nde https://t.co/eDmNEqvFDm

    @talentxfactor

    4 Sept 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/czvUvdXA06

    @molari999

    4 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. The Hacker News - CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/WPfsjeM2rz

    @buzz_sec

    4 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QUyPzlSG5p

    @DemolisherDigi

    4 Sept 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/a2vvN2KHXn https://t.co/Sfb3Bn73zs

    @RigneySec

    4 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/sFkBewug5b https://t.co/cAuXz7aybz

    @evanderburg

    4 Sept 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-9377 #TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability https://t.co/zwPC0SUxY7

    @ScyScan

    3 Sept 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @CISACyber

    3 Sept 2025

    6923 Impressions

    39 Retweets

    71 Likes

    7 Bookmarks

    6 Replies

    2 Quotes

  25. CVE-2025-9377 The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue aff… https://t.co/S4OF9Gb7Sd

    @CVEnew

    29 Aug 2025

    232 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. [CVE-2025-9377: HIGH] Critical RCE vulnerability found in TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 parental control page. End-of-life products, update or replace for better security.#cve,CVE-2025-9377,#cybersecurity https://t.co/b2yC2BEutQ https://t.co/8MzKKxkm7R

    @CveFindCom

    29 Aug 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.CVE-2026-2249
  2. A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.CVE-2025-9014
  3. Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31CVE-2025-10150
  4. Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0.CVE-2025-59410
  5. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.CVE-2025-8671

References

Sources include official advisories and independent security research.