TP-Link has issued a warning to users about two vulnerabilities affecting some end-of-life (EOL) router models; the vulnerabilities are exploiting at least two small office/home routers which are then being used to attack Microsoft 365 accounts. According to the Malwarebytes Lab blog, the routers known to be affected so far are the Archer C7 and the TL-WR841N/ND routers. Though they have reached end-of-life status, TP-Link has released firmware updates to address the vulnerabilities for users.
The two vulnerabilities are CVE-2025-50224, a flaw which allows passwords to be stolen from the router, and CVE-2025-9377, a known Parental Control common injection RCE exploit. This flaw allows attackers to run code on the router. The vulnerabilities are chained together to add vulnerable routers to a botnet. The botnet being used in these attacks is called Quad7, or 7777, and it utilizes the infected routers in password-spraying attacks against Microsoft 365 accounts.
For those unfamiliar, Password-spraying is a hacking technique wherein threat actors try common passwords against multiple accounts or use many common passwords on a single account in the hopes that one will grant them access. Microsoft had previously warned about this botnet, specifically last year, but at that time there were no known vulnerabilities. The Quad7 botnet uses thousands of IP addresses from both home and small business users, which makes detection difficult.
The company is investigating reports of possible vulnerabilities in other models, while CISA (the U.S. Cybersecurity and Infrastructure Security Agency) has also issued advisories for these two flaws.
How to stay safe
If you own one of the affected TP-Link routers, you should immediately update your firmware. You should also change your router’s administrator password to a strong, unique one if you haven’t recently, and disable any remote management features (unless they are absolutely necessary). Check that your parental control pages are only available to users who have been given proper authentication. Likewise, you should probably look into updating your home networking gear with one of the best Wi-Fi routers or if you have a larger home or apartment, one of the best mesh Wi-Fi systems.
Microsoft 365 users meanwhile, should also take steps to protect their accounts from the botnet attacks. First, update passwords, making sure to use a strong and unique one for your account instead of reusing passwords which puts you at serious risk online. Use one of the best password managers if you don’t already. Also, you want to enable two-factor or multi-factor authentication on your account if you haven’t already, which will keep it safe from unauthorized access by hackers even if they manage to get ahold of your password.
Always keep an eye out for any suspicious activity on your accounts, and review login history, update your passwords regularly and run a security check on your computer using the best antivirus software. Finally, make sure to keep your software and devices up to date, or set them to update automatically.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
More from Tom's Guide
- Google just fixed 84 Android security flaws including two actively exploited zero-days — update your phone right now
- PayPal users under attack from sophisticated new phishing scam — don't fall for this
- Major US delivery company hit in data breach with full names, SSNs and medical info of thousands exposed online
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
