CVE-2025-9377

Confirmed PUBLISHED

Authenticated RCE via Parental Control command injection

TP-Link Systems Inc. · Archer C7(EU) V2, TL-WR841N/ND(MS) V9

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.6 High EPSS 11.7%

At a Glance

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

cisa edge
CVE Published
Aug 29, 2025
Exploitation Reported
Jun 01, 2026
CVSS
8.6 High
EPSS
11.7%
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
TP-Link Systems Inc.
Archer C7(EU) V2

0 to < 241108

Affected
TP-Link Systems Inc.
TL-WR841N/ND(MS) V9

0 to < 241108

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.