ID

VAR-202508-2645


CVE

CVE-2025-9377


TITLE

OS command injection vulnerability in multiple TP-LINK Technologies products

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144

DESCRIPTION

An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It is recommended to purchase a new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es). An OS command injection vulnerability exists in the TP-LINK Technologies TL-WR841N firmware, TL-WR841ND firmware, and Archer C7 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2025-9377 // JVNDB: JVNDB-2025-013144

AFFECTED PRODUCTS

vendor: tp link, model: tl-wr841n, scope: lt, version: 241108

Trust: 1.0

vendor: tp link, model: tl-wr841nd, scope: lt, version: 241108

Trust: 1.0

vendor: tp link, model: archer c7, scope: lt, version: 241108

Trust: 1.0

vendor: tp link, model: tl-wr841n, scope: -, version: -

Trust: 0.8

vendor: tp link, model: archer c7, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tl-wr841nd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144 // NVD: CVE-2025-9377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-9377
value: HIGH

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2025-9377
value: HIGH

Trust: 1.0

NVD: CVE-2025-9377
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2025-9377
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-9377
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144 // NVD: CVE-2025-9377 // NVD: CVE-2025-9377

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144 // NVD: CVE-2025-9377

EXTERNAL IDS

db: NVD, id: CVE-2025-9377

Trust: 2.6

db: JVNDB, id: JVNDB-2025-013144

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144 // NVD: CVE-2025-9377

REFERENCES

url: https://www.tp-link.com/us/support/faq/4308/

Trust: 1.8

url: https://www.tp-link.com/us/support/faq/4365/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-9377

Trust: 0.8

url: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

sources: JVNDB: JVNDB-2025-013144 // NVD: CVE-2025-9377

SOURCES

db: JVNDB, id: JVNDB-2025-013144
db: NVD, id: CVE-2025-9377

LAST UPDATE DATE

2025-09-10T23:44:10.162000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-013144, date: 2025-09-05T08:43:00
db: NVD, id: CVE-2025-9377, date: 2025-09-04T13:41:48.497

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-013144, date: 2025-09-05T00:00:00
db: NVD, id: CVE-2025-9377, date: 2025-08-29T18:15:43.220