Tp Link · Tl-Wr841N/Nd(Ms) V9 · CVE-2025-9377
**Name of the Vulnerable Software and Affected Versions**
TP-Link Archer C7(EU) V2 versions prior to 241108
TP-Link TL-WR841N/ND(MS) V9 versions prior to 241108
**Description**
An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 devices. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. Both products have reached end-of-life (EOL) status. Recent activity indicates this vulnerability was exploited as part of the Salt Typhoon hack, impacting over 80 countries and potentially compromising data from a large number of individuals.
**Recommendations**
TP-Link Archer C7(EU) V2 versions prior to 241108: Upgrade to version 241108 or later.
TP-Link TL-WR841N/ND(MS) V9 versions prior to 241108: Upgrade to version 241108 or later.
If replacement is not an option, download and install the available patch.