TP-Link Patches Four Omada Gateway Flaws Two Allow Remote Code Execution

TP-Link has released important security updates for its Omada Gateway series after discovering four major vulnerabilities that could put network devices at risk. Out of these four flaws, two are especially dangerous because they allow attackers to run their own code on the device and potentially take complete control of it. The company has urged all users to update their firmware as soon as possible to stay protected.

The first critical flaw, tracked as CVE-2025-6542, is an unauthenticated command injection vulnerability with a severity score of 9.3. This means that attackers can exploit it remotely without needing to log in to the device. Once exploited, the attacker can execute arbitrary commands on the device’s operating system, which can compromise the entire network connected to that gateway.

The second flaw, CVE-2025-6541, also involves command injection, but it requires the attacker to log into the device’s web management interface. With a severity score of 8.6, it’s still highly dangerous because it allows attackers with credentials to execute system-level commands, giving them deep control over the device.

Two additional flaws were also fixed by TP-Link CVE-2025-7850 and CVE-2025-7851. The first allows OS command injection if the attacker already has administrator credentials, with a severity score of 9.3. The second is a privilege management issue that, under certain conditions, can allow an attacker to obtain root access to the device, rated 8.7 on the severity scale. Together, these four flaws represent a significant risk to users who have not yet applied the latest firmware updates.

The affected products belong to TP-Link’s Omada Gateway lineup, which includes several popular models such as ER8411, ER7412-M2, ER707-M2, ER7206, ER605, ER706W, ER7212PC, G36, G611, FR365, FR205, and FR307-M2. Each model has specific firmware versions that are vulnerable, and TP-Link has provided updated firmware versions to patch the issues.

According to TP-Link’s advisory, no active attacks exploiting these vulnerabilities have been detected so far. However, the company warns that attackers could use these flaws to gain full control of affected devices if left unpatched. Once compromised, a hacker could install malicious software, steal sensitive data, or use the device to launch attacks on other systems within the network.

To protect themselves, users should check their device model and firmware version against TP-Link’s official security bulletin. If their device is listed, they must download and install the latest firmware update immediately. After updating, users should review their network settings, change administrative passwords if necessary, and disable unnecessary remote access options to strengthen overall security.

In summary, these vulnerabilities in TP-Link’s Omada Gateway devices highlight the importance of keeping firmware up to date. Two of the flaws allow remote code execution, which can completely compromise a network device. Installing the latest security patches is the best and only way to stay protected from potential attacks.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news