CVE-2025-9377

High KEV CVSS: 8.6

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.

This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.

Both products have reached the status of EOL (end-of-life).
It's recommending to

purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).

Vendor

Tp-link

Product

Tl-wr841n Firmware

CWE

CWE-78

Yayın Tarihi

2025-08-29 18:15:43

Güncelleme

2025-11-03 18:55:06

Source Identifier

f23511db-6c3e-4e32-a477-6aa17d310630

KEV Date Added

2025-09-03

Kategoriler

CWE-78 Tl-wr841n Firmware HIGH Tp-link 2025

Referanslar

https://www.tp-link.com/us/support/faq/4308/ https://www.tp-link.com/us/support/faq/4365/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9377

Benzer Kayıtlar

High

CVE-2026-34122

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling c…

High

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic.…

High

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logi…

High

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when…

High

CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of…

High

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v…