Main Vulnerability Database SB2025102305

SB2025102305 - Multiple vulnerabilities in TP-Link Omada gateways

Published: October 23, 2025

Security Bulletin ID SB2025102305

CSH Severity

Critical

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-7851)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due improperly imposed security restrictions. A remote authenticated user can obtain root privileges on the device.

2) OS Command Injection (CVE-ID: CVE-2025-7850)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the web portal. A remote authenticated user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) OS Command Injection (CVE-ID: CVE-2025-6542)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Red

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the management interface. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) OS Command Injection (CVE-ID: CVE-2025-6541)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the management interface. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

Omada ER8411: before 1.3.3 20251013 Rel.44647
Omada ER7412-M2: before 1.1.0 20251015 Rel.63594
Omada ER707-M2: before 1.3.1 20251009 Rel.67687
Omada ER7206: before 2.2.2 20250724 Rel.11109
Omada ER605: before 2.3.1 20251015 Rel.78291
Omada ER706W: before 1.2.1 20250821 Rel.80909
Omada ER706W-4G: before 1.2.1 20250821 Rel.82492
Omada ER7212PC: before 2.1.3 20251016 Rel.82571
Omada G36: before 1.1.4 20251015 Rel.84206
Omada G611: before 1.2.2 20251017 Rel.45512
Omada FR365: before 1.1.10 20250626 Rel.81746
Omada FR205: before 1.0.3 20251016 Rel.61376
Omada FR307-M2: before 1.2.5 20251015 Rel.76743

SB2025102305 - Multiple vulnerabilities in TP-Link Omada gateways

Breakdown by Severity

Description

Remediation

References

Please verify you're human