U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions for these flaws:
- CVE-2023-50224 (CVSS score of 6.5) TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
- CVE-2025-9377 (CVSS score of 8.6) TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
CVE-2023-50224 is a TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure vulnerability. The flaw resides in the httpd service (port 80) that allows unauthenticated, network-adjacent attackers to disclose stored credentials.
“This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.” reads the advisory.
“The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.”
The researchers Aleksandar Djurdjevic ‘revengsmK’ disclosed the flaw through the Zero Day initiative.
CVE-2025-9377 is an authenticated RCE flaw that affects TP-Link Archer C7(EU) V2 (pre-241108) and TL-WR841N/ND(MS) V9 (pre-241108).
Both devices are End of Life and the vendor urges customers to replace them or apply the patch.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerabilities by September 24, 2025.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cisa)
