RCE in Tp-link Systems Inc. Archer C7(eu) V2
CVE-2025-9377
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 24…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.269 (96.5th percentile) — read the EPSS interpretation.
Affected products
- Tp-link Systems Inc. Archer C7(eu) V2 — versions 0
- Tp-link Systems Inc. Tl-wr841n/nd(ms) V9 — versions 0
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- www.tp-link.com/us/support/faq/4365/ (vendor-advisory)
- www.tp-link.com/us/support/faq/4308/ (patch, vendor-advisory)
Frequently asked questions
- What is CVE-2025-9377?
- CVE-2025-9377 is a vulnerability in Tp-link Systems Inc. Archer C7(eu) V2, classified under OS Command Injection. Published 2025-08-29.
- Is CVE-2025-9377 known to be exploited?
- Yes. CVE-2025-9377 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-09-03), indicating it is being actively exploited. 6 public proof-of-concept repositories are indexed.