EXECUTIVE SUMMARY:
A set of critical vulnerabilities has been identified in TP-Link Omada Gateway devices, tracked as CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851. These flaws affect multiple Omada Gateway models and could allow remote attackers, either unauthenticated or with stolen credentials, to execute arbitrary commands, manipulate device configurations, intercept or redirect network traffic, and achieve full compromise of the gateway and connected networks.
- CVE-2025-6541: Rated High severity (8.6), this flaw is reachable through the web-management interface by an authenticated user. Attackers with stolen or phished credentials could execute arbitrary commands, modify configurations, or escalate privileges to gain complete control of the device.
- CVE-2025-6542: This vulnerability carries a CVSS v3.1 score of 9.3 (Critical) and allows unauthenticated remote attackers to execute arbitrary operating-system commands on affected devices. Exploitation can result in full device compromise, persistent access, and potential lateral movement across enterprise or SMB networks.
- CVE-2025-7850: Also rated Critical (CVSS 9.3), this issue allows post-authentication command injection, giving attackers the ability to manipulate device operations and potentially deploy persistent malicious payloads.
- CVE-2025-7851: Rated High (CVSS 8.7), this flaw could enable attackers to gain root shell access under certain conditions, further amplifying the risk of full compromise and unauthorized network control.
These vulnerabilities pose a severe operational risk for networks exposing Omada Gateway management interfaces to untrusted actors.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/critical-tp-link-omada-gateway-flaw-cve-2025-6542-cvss-9-3-allows-unauthenticated-remote-command-execution/