- TP-Link fixed four Omada gateway bugs, two of them rated critical and allowing code execution
- Three were command injection flaws; one allowed a root shell through improper privilege management
- Multiple models affected; one critical bug requires no authorization to exploit
Network equipment manufacturer TP-Link has patched four vulnerabilities discovered in its Omada gateway products, including two critical-severity flaws that could allow arbitrary code execution.
In a security advisory, TP-Link said three out of four bugs were command injection vulnerabilities. The fourth was an improper privilege management error.
Both critical flaws are command injection bugs, tracked as CVE-2025-6542 and CVE-2025-7850, and each has a severity score of 9.3/10. For the latter, an attacker must also have administrator access to the web portal, while for the former, no authorization is needed.
Numerous models affected
The other two bugs are tracked as CVE-2025-6541 (score 8.6/10) and CVE-2025-7851. The first can be exploited by users with access to the web management interface, while the second is the improper privilege management flaw, which allows threat actors to obtain a root shell on the underlying operating system.
Several product models and versions are said to be affected. Here is the full list:
ER8411 < 1.3.3 Build 20251013 Rel.44647
ER7412-M2 < 1.1.0 Build 20251015 Rel.63594
ER707-M2 < 1.3.1 Build 20251009 Rel.67687
ER7206 < 2.2.2 Build 20250724 Rel.11109
ER605 < 2.3.1 Build 20251015 Rel.78291
ER706W < 1.2.1 Build 20250821 Rel.80909
ER706W-4G < 1.2.1 Build 20250821 Rel.82492
ER7212PC < 2.1.3 Build 20251016 Rel.82571
G36 < 1.1.4 Build 20251015 Rel.84206
G611 < 1.2.2 Build 20251017 Rel.45512
FR365 < 1.1.10 Build 20250626 Rel.81746
FR205 < 1.0.3 Build 20251016 Rel.61376
FR307-M2 < 1.2.5 Build 20251015 Rel.76743
TP-Link did not say whether these flaws have been exploited in the wild. However, cybercriminals often wait for companies to release announcements before attacking, knowing that many organizations rarely apply the fixes on time.
Via Hacker News



