TP-Link has issued an urgent security advisory warning users of multiple command injection vulnerabilities found in its Omada gateway devices.
These gateways, which serve as all-in-one routers, firewalls, and VPN gateways for small and medium-sized businesses, are vulnerable to attacks that could let hackers execute arbitrary operating system commands.
Two of the newly disclosed flaws, tracked as CVE-2025-6541 and CVE-2025-6542, pose significant risks. The more severe of the two, CVE-2025-6542, carries a critical CVSS score of 9.3 and can be exploited remotely without authentication. This means attackers could compromise vulnerable devices over the internet without needing any credentials. The second flaw, CVE-2025-6541, has a slightly lower severity score of 8.6 and requires access to the web management interface, making it less easily exploitable but still dangerous.
According to TP-Link’s advisory, both vulnerabilities could allow attackers to execute arbitrary commands on the device’s underlying operating system. Successful exploitation could result in full device compromise, data theft, lateral movement within networks, and long-term persistence.
A total of 13 Omada gateway models are affected, including the ER8411, ER605, ER7206, ER707-M2, and others. TP-Link has released updated firmware versions for all impacted models, which patch the vulnerabilities. Users are strongly urged to apply the latest updates immediately and verify their configurations afterward to ensure all settings remain intact.
In a separate bulletin, TP-Link also disclosed two additional high-severity issues — CVE-2025-8750 (CVSS 9.3) and CVE-2025-7851 (CVSS 8.7). These flaws could allow authenticated attackers with admin access to execute arbitrary commands or even gain shell access with root privileges on the device’s underlying operating system. Both vulnerabilities affect the same Omada gateway models listed in the earlier advisory.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
The company confirmed that the latest firmware releases address all four vulnerabilities. Users are advised to update their devices immediately to protect their networks from potential exploitation.
