Worrying TP-Link router flaws could let botnets attack your Microsoft 365 accounts – so update now - InfoSunrise – Daily Insights Across Tech, Travel, Lifestyle & More

TP-Link patches two vulnerabilities in older SOHO routers
Chinese threat actor Quad7 used the botnet for broad password-spraying attacks
The flaws were severe enough to warrant firmware updates, despite the routers being end-of-life

TP-Link has patched two vulnerabilities affecting some of its small office/home office (SOHO) routers ^[1], which were apparently used by Chinese actors to create a malicious botnet used to target Microsoft ^[2] 365 accounts.

In a security advisory, TP-Link said it was notified of two flaws: CVE-2025-50224 and CVE-2025-9377, being chained together against Archer C7 and TL-WR841N/ND routers. The former is an authentication bypass vulnerability with a medium-severity score (6.5/10) while the latter is a high-severity remote command execution (RCE) vulnerability, with a score of 8.6/10.

The routers being targeted reached their end-of-life (EoL) status, meaning they should no longer be receiving security updates or patches. However, given the severity of the attacks, TP-Link still decided to issue a firmware update.

CISA’s warnings

The group exploiting these flaws is called Quad7 (AKA 7777), a Chinese threat actor which has also been linked to state-sponsored cyber-espionage campaigns.

In this instance, the group used the botnet to perform password-spraying attacks against Microsoft 365 accounts. It doesn’t seem to be targeting any specific demographic, meaning everyone is equally at risk.

Malwarebytes^[3] research said some ISPs provide their customers with TP-Link’s routers, urging users to double-check which devices they’re running in their homes and offices.

“Several ISPs have used the TP-Link Archer C7 and TL-WR841N/ND routers, sometimes rebranding them for distribution to customers, especially in Europe and North America,” it says. “For example, Dutch ISP Ziggo is known to have rebranded the TP-Link Archer C7 as the “Wifibooster Ziggo C7”, supplying it to customers with Ziggo-specific firmware.”

At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) also issued advisories for these flaws. One of the flaws – CVE-2025-9377 – was added to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday, August 3, giving FCEB agencies three weeks to apply the patch or replace the hardware.

In fact, CISA recently added three TP-LINK flaws to KEV, CyberInsider^[4] reported, including CVE-2023-50224 (an authentication bypass by spoofing vulnerability), and CVE-2020-24363 (a factory reset and reboot trigger via a TDDP_RESET POST request).

Via Malwarebytes^[5]

References

^{^} routers (www.techradar.com)
^{^} Microsoft (www.techradar.com)
^{^} Malwarebytes (www.anrdoezrs.net)
^{^} CyberInsider (cyberinsider.com)
^{^} Malwarebytes (www.anrdoezrs.net)

Worrying TP-Link router flaws could let botnets attack your Microsoft 365 accounts – so update now

Byadmin

CISA’s warnings

You might also like

References

Related

By admin

Related Post

I reviewed this UGreen charger and it’s phenomenally convenient thanks to this one ingenious feature

I saw the first RGB TV that you’ll be able to buy at a remotely realistic size, and it’s a real OLED rival

Snapchat’s new AI Imagine Lens lets you become whoever you can describe

You missed

Rude plane passenger finds out what happens when you tell flight attendant ‘shut up’

Lisbon funicular crash: Kayleigh Smith’s poignant final Instagram post before tragic death

Denmark 0 Scotland 0: PLAYER RATINGS – Who justified his selection in Steve Clarke’s defence? Which player was lucky to avoid a red? And who passed up a golden opportunity for the visitors?

Free agent XI: A World Cup winner, five former Premier League stars and a six-cap England international… the best players without a club who can still be signed after deadline day