TP-Link Releases Critical Security Updates for Omada Gateway Devices

TP-Link has recently issued security patches to address four significant vulnerabilities in its Omada gateway devices, two of which are critical and could lead to arbitrary code execution. These vulnerabilities, identified as CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851, pose substantial risks to network security.

Detailed Overview of the Vulnerabilities:

1. CVE-2025-6541 (CVSS Score: 8.6): This vulnerability involves an operating system command injection that can be exploited by attackers with access to the web management interface, allowing them to execute arbitrary commands on the device.

2. CVE-2025-6542 (CVSS Score: 9.3): A more severe command injection flaw that enables remote, unauthenticated attackers to run arbitrary commands on the device, potentially leading to full system compromise.

3. CVE-2025-7850 (CVSS Score: 9.3): This issue allows attackers possessing administrative credentials for the web portal to execute arbitrary commands, highlighting the importance of secure credential management.

4. CVE-2025-7851 (CVSS Score: 8.7): An improper privilege management vulnerability that could permit attackers to obtain root shell access under certain conditions, granting them extensive control over the device.

Affected Models and Firmware Versions:

The vulnerabilities impact a range of TP-Link Omada gateway models and their respective firmware versions:

– ER8411: Versions prior to 1.3.3 Build 20251013 Rel.44647

– ER7412-M2: Versions prior to 1.1.0 Build 20251015 Rel.63594

– ER707-M2: Versions prior to 1.3.1 Build 20251009 Rel.67687

– ER7206: Versions prior to 2.2.2 Build 20250724 Rel.11109

– ER605: Versions prior to 2.3.1 Build 20251015 Rel.78291

– ER706W: Versions prior to 1.2.1 Build 20250821 Rel.80909

– ER706W-4G: Versions prior to 1.2.1 Build 20250821 Rel.82492

– ER7212PC: Versions prior to 2.1.3 Build 20251016 Rel.82571

– G36: Versions prior to 1.1.4 Build 20251015 Rel.84206

– G611: Versions prior to 1.2.2 Build 20251017 Rel.45512

– FR365: Versions prior to 1.1.10 Build 20250626 Rel.81746

– FR205: Versions prior to 1.0.3 Build 20251016 Rel.61376

– FR307-M2: Versions prior to 1.2.5 Build 20251015 Rel.76743
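
To check a device inventory against the fixed versions listed above, the following Python example (added here, not TP-Link's code) parses firmware strings of the form `X.Y.Z Build YYYYMMDD Rel.N` and flags anything below the fixed release. It assumes releases are ordered by version number and then build date, ignores the `Rel.` field, and uses constructed hostnames and installed versions.

```python
import re

# Fixed firmware per model, copied from the advisory list above.
FIXED = {
    "ER8411": "1.3.3 Build 20251013 Rel.44647",
    "ER7412-M2": "1.1.0 Build 20251015 Rel.63594",
    "ER707-M2": "1.3.1 Build 20251009 Rel.67687",
    "ER7206": "2.2.2 Build 20250724 Rel.11109",
    "ER605": "2.3.1 Build 20251015 Rel.78291",
    "ER706W": "1.2.1 Build 20250821 Rel.80909",
    "ER706W-4G": "1.2.1 Build 20250821 Rel.82492",
    "ER7212PC": "2.1.3 Build 20251016 Rel.82571",
    "G36": "1.1.4 Build 20251015 Rel.84206",
    "G611": "1.2.2 Build 20251017 Rel.45512",
    "FR365": "1.1.10 Build 20250626 Rel.81746",
    "FR205": "1.0.3 Build 20251016 Rel.61376",
    "FR307-M2": "1.2.5 Build 20251015 Rel.76743",
}
# Assumption: ordering is (version, build date); the Rel. field is ignored.
FW_RE = re.compile(r"\s*(\d+(?:\.\d+)*)\s+Build\s+(\d{8})\b", re.I)

def parse_firmware(s):
    """Return ((major, minor, ...), build_date) or None if unparseable."""
    m = FW_RE.match(s)
    return (tuple(map(int, m.group(1).split("."))), int(m.group(2))) if m else None

def classify(model, firmware):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparseable'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    have = parse_firmware(firmware)
    if have is None:
        return "unparseable"  # needs manual review; never assume patched
    return "vulnerable" if have < parse_firmware(fixed) else "patched"

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("gw-branch-01", "ER605", "2.2.6 Build 20240718 Rel.82712"),
    ("gw-hq-01", "ER8411", "1.3.3 Build 20251013 Rel.44647"),
    ("gw-lab-01", "FR365", "1.1.9 Build 20250312 Rel.40211"),
    ("gw-site-07", "ER7206", "n/a"),
]

def audit(inventory):
    return {host: classify(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Version components are compared as integers, so 1.1.9 correctly sorts below the FR365 fix at 1.1.10, which a plain string comparison would get wrong.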

Recommendations for Users:

TP-Link advises all users of the affected models to promptly update their devices to the latest firmware versions to mitigate these vulnerabilities. After updating, review the device configuration and confirm that all settings remain accurate, secure, and in line with your intended preferences. This check verifies that the update process has not altered any critical settings.

Contextual Background:

This release is part of TP-Link’s ongoing efforts to enhance device security. In recent years, TP-Link has addressed multiple vulnerabilities across its product lines. For instance, in September 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two TP-Link router flaws, CVE-2023-50224 and CVE-2025-9377, to its Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. Similarly, in June 2025, CISA issued an alert for CVE-2023-33538, a command injection vulnerability in TP-Link routers, emphasizing the importance of timely firmware updates.

Conclusion:

The discovery and patching of these vulnerabilities underscore the critical need for regular firmware updates and vigilant network security practices. Users are encouraged to stay informed about new threats and to apply security patches promptly to protect their networks from exploitation.