CISA sounds alarm over TP-Link wireless routers under attack

Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed – but there's another flaw being exploited as well.

CISA warned that two flaws, CVE-2023-50224 and CVE-2025-9377, have been exploited in the wild by persons unknown. The first issue allows an attacker without authentication to find authentication credentials by subverting httpd, while the second exposes the Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers to remote code execution.

"CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice," the agency warned.

Security officials had already warned about the growing influence of TP-Link in the American hardware market, with Rob Joyce, former head of the NSA's hacking team, noting that ...