CVE-2025-9377: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in TP-Link Systems Inc. Archer C7(EU) V2
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It is recommended to purchase a new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
AI Analysis
Technical Summary
CVE-2025-9377 is an authenticated remote command execution vulnerability classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) affecting TP-Link Systems Inc. routers Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. The vulnerability resides in the Parental Control web interface, where user-supplied input is not properly sanitized before being incorporated into OS commands. This improper neutralization allows an attacker with authenticated access and high privileges to inject arbitrary OS commands, potentially leading to full system compromise. The affected firmware versions are those released before build 241108. Both products have reached end-of-life status, limiting official support and updates. The CVSS 4.0 base score is 8.6, reflecting network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability. Although no active exploits have been reported, the vulnerability's nature and severity make it a critical concern for affected users. The vendor recommends upgrading to newer hardware for better security and performance, but patches are available for those unable to replace devices immediately.
Potential Impact
Successful exploitation of CVE-2025-9377 allows an authenticated attacker with high privileges to execute arbitrary OS commands remotely on affected TP-Link routers. This can lead to full device compromise, enabling attackers to manipulate network traffic, intercept sensitive data, create persistent backdoors, disrupt network availability, or pivot to internal networks. Given these routers often serve as gateways in home and small office environments, the impact extends to all connected devices, potentially exposing confidential information and critical infrastructure. The end-of-life status of the affected models exacerbates risk due to limited vendor support and patch availability. Organizations relying on these devices may face increased exposure to espionage, data breaches, and service outages, especially if attackers gain credentials through phishing or other means.
Mitigation Recommendations
1. Immediately verify whether your TP-Link Archer C7(EU) V2 or TL-WR841N/ND(MS) V9 routers are running firmware versions prior to 241108 and assess exposure.
2. Apply any available official patches or firmware updates from TP-Link for these models, even though they are end-of-life, to remediate the vulnerability.
3. If patching is not feasible, strongly consider replacing affected devices with newer, supported models that receive regular security updates.
4. Restrict access to the router's management interface by limiting it to trusted internal networks and disabling remote management where possible.
5. Enforce strong authentication mechanisms and change default credentials to reduce the risk of unauthorized access.
6. Monitor network traffic and device logs for unusual activity indicative of exploitation attempts.
7. Segment critical network assets away from vulnerable devices to limit potential lateral movement.
8. Educate users about phishing and credential security to prevent attackers from gaining the authenticated access needed to exploit this vulnerability.
Affected Countries
United States, Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Australia, Canada
Technical Details
- Data Version: 5.1
- Assigner Short Name: TPLink
- Date Reserved: 2025-08-23T00:15:09.238Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68b1f255ad5a09ad007a2862
Added to database: 8/29/2025, 6:32:53 PM
Last enriched: 2/26/2026, 5:55:42 PM
Last updated: 3/23/2026, 6:37:20 PM
Views: 228