TP-Hyperlink is warning customers that a few of its Omada gateways are affected by a number of vulnerabilities, together with vital flaws.
The networking big has printed two advisories this week to tell prospects about 4 safety holes in Omada gateway units. Greater than a dozen ER, G and FR collection product fashions are affected and TP-Hyperlink has launched firmware patches for every of them.
Essentially the most critical of the vulnerabilities seems to be CVE-2025-6542. It has a CVSS rating of 9.3 and it could possibly enable a distant, unauthenticated attacker to execute arbitrary OS instructions on the focused system.
Whereas it has not been confirmed by the seller, a majority of these vulnerabilities can usually enable an attacker to take full management of impacted units.
One other flaw with a ‘vital severity’ ranking is CVE-2025-7850, described as a command injection difficulty that may be exploited by an attacker who has admin entry to the net portal of Omada gateways.
The 2 remaining vulnerabilities have been rated ‘excessive severity’. CVE-2025-7851 permits an attacker to acquire root entry to a tool, whereas CVE-2025-6541 may be exploited for OS command execution by an authenticated attacker.
The seller has suggested prospects to not solely replace the firmware on their system, but in addition to vary its password.
It’s not unusual for risk actors to use TP-Hyperlink product vulnerabilities of their assaults. Commercial. Scroll to proceed studying.
Associated: US Lawmakers Need Investigation Into TP-Hyperlink Over Chinese language Hacking Fears
Associated: Cisco Routers Hacked for Rootkit Deployment
Associated: Unauthenticated RCE Flaw Patched in DrayTek Routers
