Oct 22, 2025Ravie LakshmananVulnerability / Community Safety
TP-Hyperlink has launched safety updates to handle 4 safety flaws impacting Omada gateway units, together with two crucial bugs that would end in arbitrary code execution.
The vulnerabilities in query are listed under –
CVE-2025-6541 (CVSS rating: 8.6) – An working system command injection vulnerability that might be exploited by an attacker who can log in to the online administration interface to run arbitrary instructions
CVE-2025-6542 (CVSS rating: 9.3) – An working system command injection vulnerability that might be exploited by a distant unauthenticated attacker to run arbitrary instructions
CVE-2025-7850 (CVSS rating: 9.3) – An working system command injection vulnerability that might be exploited by an attacker in possession of an administrator password of the online portal to run arbitrary instructions
CVE-2025-7851 (CVSS rating: 8.7) – An improper privilege administration vulnerability that might be exploited by an attacker to acquire the basis shell on the underlying working system below restricted circumstances
“Attackers could execute arbitrary instructions on the system’s underlying working system,” TP-Hyperlink mentioned in an advisory launched Tuesday.
The problems affect the next product fashions and variations –
ER8411
ER7412-M2
ER707-M2
ER7206
ER605
ER706W
ER706W-4G
ER7212PC
G36
G611
FR365
FR205
FR307-M2
Whereas TP-Hyperlink makes no point out of the failings being exploited within the wild, it is suggested that customers transfer rapidly to obtain and replace to the most recent firmware to repair the vulnerabilities.
“Test the configurations of the system after the firmware improve to make sure that all settings stay correct, safe, and aligned with their meant preferences,” it added.
It additionally famous in a disclaimer that it can’t bear any duty for any penalties that will come up if the aforementioned advisable actions should not adhered to.
