InfoSecBulletin Cybersecurity for mankind
TP-Link Systems has released a firmware update that fixes four serious vulnerabilities in its Omada gateway series, like ER605, ER7206, and ER8411, commonly used in businesses. These flaws—CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851—can let attackers run arbitrary commands on the devices, sometimes without needing authentication.
According to TP-Link’s advisory, “An arbitrary OS command may be executed on Omada gateways by the user who can log in to the web management interface or by a remote unauthenticated attacker.”
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
The two most critical vulnerabilities are:
CVE-2025-6542 (CVSS 9.3 – Critical): Enables remote unauthenticated attackers to execute arbitrary OS commands.
CVE-2025-6541 (CVSS 8.6 – High): Allows authenticated users to execute arbitrary commands through the web management interface.
Both vulnerabilities impact several Omada gateway models, risking full system compromise for network administrators if not fixed. TP-Link warns that “Attackers may execute arbitrary commands on the device’s underlying operating system.”
In addition to the above, TP-Link has disclosed two related command injection issues affecting the same product line:
CVE-2025-7850 (CVSS 9.3): A command injection vulnerability may be exploited after the admin’s authentication on the web portal on Omada gateways.
CVE-2025-7851 (CVSS 8.7): An attacker may obtain the root shell on the underlying with restricted conditions on Omada gateways.
Authenticated users or anyone with compromised admin credentials could gain root access, bypassing all device protections.
The following Omada products are impacted by one or more of the above vulnerabilities:
TP-Link urges all customers to promptly install the latest firmware updates to reduce risks from these vulnerabilities.
Administrators should check device settings and change admin passwords after the update to avoid exploitation from leaked credentials. TP-Link suggests limiting management access to trusted networks and using network segmentation when possible.
