CVE-2025-6541
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | er706w_firmware | to 1.2.1 (exc) |
| tp-link | er706w_firmware | 1.2.1 |
| tp-link | er706w | * |
| tp-link | er706w-4g_firmware | to 1.2.1 (exc) |
| tp-link | er706w-4g_firmware | 1.2.1 |
| tp-link | er706w-4g | * |
| tp-link | er7212pc_firmware | to 2.1.3 (exc) |
| tp-link | er7212pc_firmware | 2.1.3 |
| tp-link | er7212pc | * |
| tp-link | g36_firmware | to 1.1.4 (exc) |
| tp-link | g36_firmware | 1.1.4 |
| tp-link | g36 | * |
| tp-link | g611_firmware | to 1.2.2 (exc) |
| tp-link | g611_firmware | 1.2.2 |
| tp-link | g611 | * |
| tp-link | fr365_firmware | to 1.1.10 (exc) |
| tp-link | fr365_firmware | 1.1.10 |
| tp-link | fr365 | * |
| tp-link | fr205_firmware | to 1.0.3 (exc) |
| tp-link | fr205_firmware | 1.0.3 |
| tp-link | fr205 | * |
| tp-link | fr307-m2_firmware | to 1.2.5 (exc) |
| tp-link | fr307-m2_firmware | 1.2.5 |
| tp-link | fr307-m2 | * |
| tp-link | er8411_firmware | to 1.3.3 (exc) |
| tp-link | er8411_firmware | 1.3.3 |
| tp-link | er8411 | * |
| tp-link | er7412-m2_firmware | to 1.1.0 (exc) |
| tp-link | er7412-m2_firmware | 1.1.0 |
| tp-link | er7412-m2 | * |
| tp-link | er707-m2_firmware | to 1.3.1 (exc) |
| tp-link | er707-m2_firmware | 1.3.1 |
| tp-link | er707-m2 | * |
| tp-link | er7206_firmware | to 2.2.2 (exc) |
| tp-link | er7206_firmware | 2.2.2 |
| tp-link | er7206 | * |
| tp-link | er605_firmware | to 2.3.1 (exc) |
| tp-link | er605_firmware | 2.3.1 |
| tp-link | er605 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6541 is an OS command injection vulnerability in Omada gateways that allows a user logged into the web management interface to execute arbitrary operating system commands on the device. This means an attacker with access to the interface can run any OS-level commands, potentially compromising the device. [1]
How can this vulnerability impact me? :
This vulnerability can have significant security impacts including compromising the confidentiality, integrity, and availability of the affected device. An attacker could execute arbitrary commands on the device's operating system, potentially leading to unauthorized access, data breaches, disruption of services, or complete device takeover. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the affected Omada gateway devices to the latest fixed firmware versions equal to or later than the specified builds for each model. After upgrading, verify the device configurations to ensure settings remain secure and as intended. Failure to update leaves devices vulnerable to exploitation. [1]