Please read and review the article below, check your devices with the links provided and ensure you have the latest firmware on your TP-Link that is available. Also if your router has a feature named CWMP, DISABLE it immediately and reboot the router.
CVE-2023-50224 is an authentication bypass flaw, and CVE-2025-9377 is a command injection flaw. When chained together, they allow threat actors to gain remote code execution on vulnerable TP-Link devices.
The current TP-Link router I use is an Archer AX21 (1800) that was vulnerable to this back in 2023 when it was first given an CVE. Double checking things I am on the release TP-Link alerted me to and installed on the router. Make sure you all check the TP-Link website for firmware, log into your routers and update.