CVE-2025-9377

Name of the Vulnerable Software and Affected Versions TP-Link Archer C7(EU) V2 versions prior to 241108 TP-Link TL-WR841N/ND(MS) V9 versions prior to 241108

Description An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 devices. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. Both products have reached end-of-life (EOL) status. Recent activity indicates this vulnerability was exploited as part of the Salt Typhoon hack, impacting over 80 countries and potentially compromising data from a large number of individuals.

Recommendations TP-Link Archer C7(EU) V2 versions prior to 241108: Upgrade to version 241108 or later. TP-Link TL-WR841N/ND(MS) V9 versions prior to 241108: Upgrade to version 241108 or later. If replacement is not an option, download and install the available patch.