Critical Vulnerabilities Patched in TP-Link’s Omada Gateways

One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution.

TP-Link is warning users that some of its Omada gateways are affected by several vulnerabilities, including critical flaws.

The networking giant has published two advisories this week to inform customers about four security holes in Omada gateway devices. More than a dozen ER, G and FR series product models are affected and TP-Link has released firmware patches for each of them. 

The most serious of the vulnerabilities appears to be CVE-2025-6542. It has a CVSS score of 9.3 and it can allow a remote, unauthenticated attacker to execute arbitrary OS commands on the targeted system.

While it has not been confirmed by the vendor, these types of vulnerabilities can typically allow an attacker to take full control of impacted devices.

Another flaw with a ‘critical severity’ rating is CVE-2025-7850, described as a command injection issue that can be exploited by an attacker who has admin access to the web portal of Omada gateways. 

The two remaining vulnerabilities have been rated ‘high severity’. CVE-2025-7851 allows an attacker to obtain root access to a device, while CVE-2025-6541 can be exploited for OS command execution by an authenticated attacker.

The vendor has advised customers to not only update the firmware on their device, but also to change its password.

It’s not uncommon for threat actors to exploit TP-Link product vulnerabilities in their attacks. 

UPDATE: Forescout, whose researchers discovered CVE-2025-7850 and CVE-2025-7851, has published a blog post detailing these flaws.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
