CVE-2025-7375
Awaiting Analysis Awaiting Analysis - Queue
Denial-of-Service in Omada EAP610 HTTP Service Causes Crash

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: TPLink

Description
A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7375
EUVD
EUVD-2025-208321
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link omada_eap610_firmware to 1.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-7375 is a denial-of-service (DoS) vulnerability found in the TP-Link Omada EAP610 v3 access point, specifically in firmware versions prior to 1.6.0.

An attacker with adjacent network access can send specially crafted HTTP requests to the device, causing its HTTP service to crash.

This crash results in temporary service unavailability until the device is rebooted.

Impact Analysis

[{'type': 'paragraph', 'content': 'The vulnerability can cause the HTTP service on the affected Omada EAP610 device to crash, leading to a denial of service.'}, {'type': 'paragraph', 'content': "This results in temporary unavailability of the device's network services until it is rebooted."}, {'type': 'paragraph', 'content': 'Such service interruptions can disrupt network connectivity and impact users relying on the device for WiFi access.'}] [3]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for crashes or unavailability of the HTTP service on Omada EAP610 v3 devices running firmware versions prior to 1.6.0. Since the attack involves specially crafted HTTP requests from an adjacent network, network traffic analysis tools could be used to identify unusual or malformed HTTP requests targeting the device.'}, {'type': 'paragraph', 'content': "Specific commands are not provided in the available resources, but general network monitoring commands such as using tcpdump or Wireshark to capture HTTP traffic to the device's IP address could help detect suspicious requests. Additionally, checking the device logs for HTTP service crashes or reboots may indicate exploitation attempts."}] [3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate step to mitigate this vulnerability is to update the Omada EAP610 v3 device firmware to version 1.6.0 or later, as this fixes the denial-of-service issue.'}, {'type': 'paragraph', 'content': "Until the update can be applied, restricting adjacent network access to the device's HTTP service can reduce the risk of exploitation. Monitoring the device for HTTP service crashes and rebooting as necessary can help maintain availability."}] [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7375. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart