CISA Warns: TP-Link Vulnerabilities Under Active Exploitation
gbhackersThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals.
These security flaws affect widely-used home and small business networking devices, putting millions of users at risk.
Critical Vulnerabilities Identified
Two severe vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, both carrying immediate security implications for users of affected TP-Link devices.
The first vulnerability, CVE-2025-9377, represents an OS command injection flaw affecting TP-Link Archer C7(EU) and TL-WR841N/ND(MS) models.
This vulnerability exists within the Parental Control page of the router’s administration interface, allowing attackers to execute arbitrary system commands on the device.
| CVE ID | Affected Models | Vulnerability Type | CWE | Date Added | Due Date |
| CVE-2025-9377 | TP-Link Archer C7(EU), TL-WR841N/ND(MS) | OS Command Injection | CWE-78 | 2025-09-03 | 2025-09-24 |
| CVE-2023-50224 | TP-Link TL-WR841N | Authentication Bypass by Spoofing | CWE-290 ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE