TP-Link Archer C7 & TL-WR841N RCE via Parental Control page
CVE-2025-9377 Published on August 29, 2025

Authenticated RCE via Parental Control command injection
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

The following remediation steps are recommended / required by September 24, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2025-9377 has been classified to as a Shell injection vulnerability or weakness.


Affected Versions

TP-Link Systems Inc. Archer C7(EU) V2: TP-Link Systems Inc. TL-WR841N/ND(MS) V9:

Exploit Probability

EPSS
15.60%
Percentile
94.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.