Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9377

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

Published

2025-08-29T18:15:43.220

Last Modified

2025-09-04T13:41:48.497

Status

Analyzed

Source

f23511db-6c3e-4e32-a477-6aa17d310630

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	tl-wr841n_firmware	< 241108	Yes
Hardware	tp-link	tl-wr841n	v9	No
Operating System	tp-link	tl-wr841nd_firmware	< 241108	Yes
Hardware	tp-link	tl-wr841nd	9	No
Operating System	tp-link	archer_c7_firmware	< 241108	Yes
Hardware	tp-link	archer_c7	2.0	No

References

https://www.tp-link.com/us/support/faq/4308/ Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4365/ Vendor Advisory (f23511db-6c3e-4e32-a477-6aa17d310630)