Date: 2025-10-22

Updates have been issued by TP-Link for four serious vulnerabilities impacting its Omada gateway devices, according to BleepingComputer.

Both the high-severity CVE-2025-6541 and critical-severity CVE-2025-6542 flaws could be harnessed to facilitate arbitrary OS command execution, but only the latter could be exploited without authentication, said TP-Link. Attackers could leverage both security issues, which affect more than a dozen Omada gateway models, to achieve data exfiltration, lateral movement, persistence, and total system compromise.

Another security bulletin from the major Chinese network equipment and smart home product manufacturer detailed a critical command injection bug, tracked as CVE-2025-7850, and a high-severity root access defect, tracked as CVE-2025-7851, both of which affect the same 13 Omada models as the earlier vulnerabilities.

Attacks involving CVE-2025-7850 could enable Omada web portal compromise, while intrusions exploiting CVE-2025-7851 could result in shell access with root privileges. Immediate application of the latest Omada firmware updates has been urged.