Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 Authenticated Remote Command Execution Vulnerability

Vulnerability

An authenticated remote command execution vulnerability has been identified in the Parental Control page of TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers running firmware prior to version 241108. It allows an authenticated attacker to execute commands remotely on the affected devices.

Impact

Exploitation of this vulnerability allows for authenticated remote command execution on the affected TP-Link routers.

Reproduction

The vulnerability can be reproduced by first enabling the remote administration interface on the router, which is not the default setting. Once the interface is exposed to the internet, an attacker can authenticate using stolen credentials obtained through an unauthenticated file disclosure vulnerability, and then exploit the command injection vulnerability in the Parental Control page to achieve remote code execution.

Remediation

Users are advised to update to the latest firmware version 241108. Patched firmware for the Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 can be downloaded from the TP-Link support website.

Added: Aug 29, 2025, 6:37 PM
Updated: Sep 3, 2025, 5:06 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 6.6
remediation: 7.9
relevance: 0.4
threat: 8.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.