MUST READ

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

 | 

TP-Link urges immediate updates for Omada Gateways after critical flaws discovery

 | 

TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files

 | 

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

 | 

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

 | 

U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog

 | 

China-Linked Salt Typhoon breaches European Telecom via Citrix exploit

 | 

Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases

 | 

CAPI Backdoor targets Russia’s auto and e-commerce sectors

 | 

F5 breach exposes 262,000 BIG-IP systems worldwide

 | 

China finds “irrefutable evidence” of US NSA cyberattacks on time Authority

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67

 | 

Security Affairs newsletter Round 546 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Winos 4.0 hackers expand to Japan and Malaysia with new malware

 | 

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach

 | 

SIMCARTEL operation: Europol takes down SIM-Box ring linked to 3,200 scams

 | 

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

 | 

Prosper disclosed a data breach impacting 17.6 million accounts

 | 

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

 | 

PowerSchool hacker got four years in prison

 | 

TP-Link urges immediate updates for Omada Gateways after critical flaws discovery

Pierluigi Paganini October 22, 2025

TP-Link warns of critical flaws in Omada gateways across ER, G, and FR models. Users should update firmware immediately to stay secure.

TP-Link is warning users of critical flaws impacting its Omada gateway devices. The Taiwanese company published two security advisories this week, outlining four vulnerabilities that impacts more than a dozen products across the ER, G, and FR series. The vendor has already released firmware updates to address the issues and urges users to install it immediately.

The most severe vulnerability, tracked as CVE-2025-6542 (CVSS score of 9.3) is an arbitrary OS command impacting Omada gateways.

“An arbitrary OS command may be executed on Omada gateways by the user who can log in to the web management interface or by a remote unauthenticated attacker.” reads the advisory. “Attackers may execute arbitrary commands on the device’s underlying operating system.”

The flaw affects the following products and versions:

Affected Product ModelAffected VersionFixed Version
ER8411< 1.3.3 Build 20251013 Rel.44647>= 1.3.3 Build 20251013 Rel.44647
ER7412-M2< 1.1.0 Build 20251015 Rel.63594>= 1.1.0 Build 20251015 Rel.63594
ER707-M2< 1.3.1 Build 20251009 Rel.67687>= 1.3.1 Build 20251009 Rel.67687
ER7206< 2.2.2 Build 20250724 Rel.11109>= 2.2.2 Build 20250724 Rel.11109
ER605< 2.3.1 Build 20251015 Rel.78291>= 2.3.1 Build 20251015 Rel.78291
ER706W< 1.2.1 Build 20250821 Rel.80909>= 1.2.1 Build 20250821 Rel.80909
ER706W-4G< 1.2.1 Build 20250821 Rel.82492>= 1.2.1 Build 20250821 Rel.82492
ER7212PC< 2.1.3 Build 20251016 Rel.82571>= 2.1.3 Build 20251016 Rel.82571
G36< 1.1.4 Build 20251015 Rel.84206>= 1.1.4 Build 20251015 Rel.84206
G611< 1.2.2 Build 20251017 Rel.45512>= 1.2.2 Build 20251017 Rel.45512
FR365< 1.1.10 Build 20250626 Rel.81746>= 1.1.10 Build 20250626 Rel.81746
FR205< 1.0.3 Build 20251016 Rel.61376>= 1.0.3 Build 20251016 Rel.61376
FR307-M2< 1.2.5 Build 20251015 Rel.76743>= 1.2.5 Build 20251015 Rel.76743

The vendor addressed a second command critical vulnerability, tracked as CVE-2025-7850 (CVSS score of 9.3). The vulnerability is a command injection issue, an attacker could exploit the flaw after the admin’s authentication on the web portal on Omada gateways.

“A command injection vulnerability may be exploited after the admin’s authentication on the web portal on Omada gateways.” reads the advisory.

The flaw affects the following products:

Affected Product ModelAffected VersionFixed Version
ER8411< 1.3.3 Build 20251013 Rel.44647>= 1.3.3 Build 20251013 Rel.44647
ER7412-M2< 1.1.0 Build 20251015 Rel.63594>= 1.1.0 Build 20251015 Rel.63594
ER707-M2< 1.3.1 Build 20251009 Rel.67687>= 1.3.1 Build 20251009 Rel.67687
ER7206< 2.2.2 Build 20250724 Rel.11109>= 2.2.2 Build 20250724 Rel.11109
ER605< 2.3.1 Build 20251015 Rel.78291>= 2.3.1 Build 20251015 Rel.78291
ER706W< 1.2.1 Build 20250821 Rel.80909>= 1.2.1 Build 20250821 Rel.80909
ER706W-4G< 1.2.1 Build 20250821 Rel.82492>= 1.2.1 Build 20250821 Rel.82492
ER7212PC< 2.1.3 Build 20251016 Rel.82571>= 2.1.3 Build 20251016 Rel.82571
G36< 1.1.4 Build 20251015 Rel.84206>= 1.1.4 Build 20251015 Rel.84206
G611< 1.2.2 Build 20251017 Rel.45512>= 1.2.2 Build 20251017 Rel.45512
FR365< 1.1.10 Build 20250626 Rel.81746>= 1.1.10 Build 20250626 Rel.81746
FR205< 1.0.3 Build 20251016 Rel.61376>= 1.0.3 Build 20251016 Rel.61376
FR307-M2< 1.2.5 Build 20251015 Rel.76743>= 1.2.5 Build 20251015 Rel.76743

The two additional vulnerabilities fixed by the vendor are:

  • CVE-2025-7851 (CVSS score of 8.7) – root access vulnerabilities on Omada. An attacker may obtain the root shell on the underlying with the restricted conditions on Omada gateways.
  • CVE-2025-6541 (CVSS score of 8.6) – An arbitrary OS command may be executed on Omada gateways by the user who can log in to the web management interface or by a remote unauthenticated attacker.

TP-Link is urging all users to take immediate action:

  • Install the latest firmware updates available on TP-Link’s support site.
  • Change default or weak passwords on all affected Omada gateways.
  • Restrict access to the device’s management interface, ideally limiting it to trusted internal networks.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TP-Link)

Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News TP-Link

you might also like

Pierluigi Paganini October 22, 2025
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
Read more
Pierluigi Paganini October 22, 2025
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

APT / October 22, 2025

TP-Link urges immediate updates for Omada Gateways after critical flaws discovery

Security / October 22, 2025

TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files

Hacking / October 22, 2025

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

APT / October 22, 2025

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

Breaking News / October 21, 2025