TP-Link Warns of Critical Omada Gateway Flaws

TP-Link warns of critical vulnerabilities affecting its Omada gateway devices, urging users to install firmware updates immediately. The company disclosed four security flaws this week in two advisories, impacting over a dozen models across the ER, G, and FR series. Among them, CVE-2025-6542 stands out with a CVSS score of 9.3, allowing attackers to execute arbitrary OS commands through the web interface, even without authentication.

TP-Link warns of critical command injection flaws as well. CVE-2025-7850, also rated 9.3, can be exploited post-authentication via the web portal. Two additional bugs—CVE-2025-7851 and CVE-2025-6541—received scores of 8.7 and 8.6, respectively, and could lead to root access or remote command execution.

The company urges users to update affected devices, change weak passwords, and restrict access to the management interface. Firmware updates are available through TP-Link’s support page.

TP-Link urges immediate updates for Omada Gateways after critical flaws discovery