cbcvebase.

Tp-Link Archer C7 Firmware vulnerabilities

5 known vulnerabilities affecting tp-link/archer_c7_firmware.

Total CVEs
5
CISA KEV
2
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2015-3035P1HIGHCVSS 7.5KEVPoCfixed in 1503042015-04-22
CVE-2015-3035 [HIGH] CWE-22 CVE-2015-3035: Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) w Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.
nvd
CVE-2025-9377P1HIGHCVSS 7.2KEVfixed in 2411082025-08-29
CVE-2025-9377 [HIGH] CWE-78 CVE-2025-9377: The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ens
nvd
CVE-2026-5363P3HIGHCVSS 8.8fixed in 1.2.12026-04-16
CVE-2026-5363 [HIGH] CWE-326 CVE-2026-5363: Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-f
nvd
CVE-2023-39224P3HIGHCVSS 8.0fixed in 2306022023-09-06
CVE-2023-39224 [HIGH] CWE-78 CVE-2023-39224: Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' a Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
nvd
CVE-2023-2646P4MEDIUMCVSS 6.5v1801142023-05-11
CVE-2023-2646 [MEDIUM] CWE-404 CVE-2023-2646: A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerabilit
nvd
Tp-Link Archer C7 Firmware vulnerabilities | cvebase