TP-Link has issued a security advisory addressing two significant vulnerabilities affecting multiple Omada gateway models. Organizations using these devices should prioritize patching to mitigate potential security risks.
While the vulnerabilities require adjacent network access and high-level privileges, which limit the attack surface, the critical and high severity ratings reflect the serious nature of these flaws.
The first vulnerability, tracked as CVE-2025-7850 and rated critical with a CVSS score of 9.3, is a command injection flaw that can be exploited after administrator authentication on the gateway’s web portal, where malicious commands can be injected and executed by the device. CVE-2025-7851, rated high, enables an attacker to obtain root shell access on the gateway’s underlying operating system under restricted conditions. Root access provides complete system-level control over the affected device.
Both vulnerabilities could allow attackers to execute arbitrary commands on the device’s operating system, potentially allowing unauthorized modification of network configurations, interception of network traffic, lateral movement to connected systems, and service disruption and availability issues.
The vulnerabilities require adjacent network access and high-level privileges, which somewhat limits the attack surface. However, the critical and high severity ratings reflect the serious nature of these flaws.
The affected Omada gateway models include:
- ER8411, ER7412-M2, ER707-M2
- ER7206, ER605
- ER706W, ER706W-4G
- ER7212PC
- G36, G611
- FR365, FR205, FR307-M2
TP-Link strongly recommends that organizations with affected devices apply the latest firmware updates and change all administrative passwords.
Gateway devices play a vital role in network security architecture. Regular patching and strong security practices at this level help safeguard all the systems and data behind them.
Review the official TP-Link security advisory for additional details, including affected version information and firmware update information.
