U.S. CISA Adds TP-Link Archer C7(EU) and TL-WR841N Flaws to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect the TP-Link Archer C7(EU) and TL-WR841N, and both pose significant security risks to individuals and organizations alike.

CVE-2023-50224: A Critical Flaw in TP-Link's httpd Service

The first flaw, identified as CVE-2023-50224, is a critical vulnerability in the httpd service (port 80) of the TP-Link TL-WR841N router. It allows unauthenticated, network-adjacent attackers to disclose stored credentials, undermining the device's authentication. According to CISA's advisory, authentication is not required to exploit this vulnerability, making it a particularly dangerous threat.

"The specific flaw exists within the httpd service, which listens on TCP port 80 by default," explains the advisory. "The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise."

CVE-2025-9377: A Remote Code Execution (RCE) Flaw in TP-Link Archer C7(EU)

The second flaw, identified as CVE-2025-9377, is an authenticated RCE (Remote Code Execution) vulnerability that affects the TP-Link Archer C7(EU) V2 (pre-241108) and TL-WR841N/ND(MS) V9 (pre-241108) devices. Both of these devices are End of Life, making them a prime target for attackers.

The flaw was disclosed by researcher Aleksandar Djurdjevic 'revengsmK' through the Zero Day Initiative. CISA urges customers to replace these devices or apply the patch as soon as possible, as they pose a significant risk to networks.

A Call to Action from CISA and Experts

The addition of these flaws to the KEV catalog serves as a reminder that network security is everyone's responsibility. CISA orders federal agencies to fix the vulnerabilities by September 24, 2025, while private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure.
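One way to act on this is to check a device inventory against the affected models and builds named above. The following is an added example, not code from CISA or TP-Link. The inventory records, host names and the "Build YYMMDD" firmware string format are assumptions made for illustration.

```python
import re
from datetime import date

KEV_DUE = date(2025, 9, 24)  # federal remediation deadline given in the article

# (CVE, model pattern, hardware revision or None, first fixed build or None)
# Assumption: the article gives no version bound for CVE-2023-50224, so every build is flagged.
RULES = [
    ("CVE-2025-9377", r"ARCHER C7", "V2", 241108),
    ("CVE-2025-9377", r"TL-WR841ND?", "V9", 241108),
    ("CVE-2023-50224", r"TL-WR841N", None, None),
]

def normalize_model(model):
    """Upper-case and drop two-letter region suffixes such as (EU) or (MS)."""
    return re.sub(r"\s*\([A-Z]{2}\)", "", model.upper()).strip()

def build_number(firmware):
    """Extract the YYMMDD build from an assumed 'Build 180114' style string."""
    m = re.search(r"Build\s+(\d{6})", firmware or "", re.IGNORECASE)
    return int(m.group(1)) if m else None

def audit(inventory, today):
    """Return (host, cve, status) for every device matching an affected rule."""
    findings = []
    for dev in inventory:
        model = normalize_model(dev["model"])
        build = build_number(dev.get("firmware"))
        for cve, pattern, hw, fixed in RULES:
            if not re.fullmatch(pattern, model):
                continue
            if hw and dev.get("hw", "").upper() != hw:
                continue
            # An unknown build is treated as vulnerable (fail closed).
            if fixed is not None and build is not None and build >= fixed:
                continue
            status = "overdue" if today > KEV_DUE else "due"
            findings.append((dev["host"], cve, status))
    return findings

# Constructed inventory for illustration; not real devices.
INVENTORY = [
    {"host": "branch-gw-1", "model": "Archer C7(EU)", "hw": "V2", "firmware": "3.15.3 Build 180114 Rel.62905n"},
    {"host": "branch-gw-2", "model": "Archer C7(EU)", "hw": "V2", "firmware": "3.15.3 Build 241108 Rel.1n"},
    {"host": "lab-ap-1", "model": "TL-WR841N(MS)", "hw": "V9", "firmware": None},
    {"host": "core-sw-1", "model": "TL-SG108E", "hw": "V6", "firmware": "1.0.0 Build 230218"},
]

if __name__ == "__main__":
    for row in audit(INVENTORY, date.today()):
        print(*row)
```

A device whose firmware string cannot be parsed is reported rather than skipped, so missing inventory data surfaces as a finding instead of a silent pass.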

"Experts recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure," says [Your Name]. "This is a critical reminder that network security is not just someone else's problem; it's ours collectively."

Conclusion

The addition of TP-Link Archer C7(EU) and TL-WR841N flaws to the KEV catalog underscores the importance of staying vigilant in the face of emerging threats. By taking proactive steps to address these vulnerabilities, individuals and organizations can significantly reduce their risk of falling prey to these attacks.
