Omada Pro Logo official website Vigi Logo official website
Contact Us
Worldwide / English

Statement on OS command injection vulnerabilities on Omada gateways (CVE-2025-6541 and CVE-2025-6542)

Security Vulnerability
BookmarksCopy Link
10-21-2025
538

Vulnerability Description:

An arbitrary OS command may be executed on Omada gateways by the user who can log in to the web management interface or by a remote unauthenticated attacker.

Impact:

Attackers may execute arbitrary commands on the device’s underlying operating system.

CVE-2025-6541:

CVSS v4.0 Score: 8.6 / High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-6542:

CVSS v4.0 Score: 9.3 / Critical

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Affected Product Model

Affected Version

Fixed Version

ER8411

< 1.3.3 Build 20251013 Rel.44647

>= 1.3.3 Build 20251013 Rel.44647

ER7412-M2

< 1.1.0 Build 20251015 Rel.63594

>= 1.1.0 Build 20251015 Rel.63594

ER707-M2

< 1.3.1 Build 20251009 Rel.67687

>= 1.3.1 Build 20251009 Rel.67687

ER7206

< 2.2.2 Build 20250724 Rel.11109

>= 2.2.2 Build 20250724 Rel.11109

ER605

< 2.3.1 Build 20251015 Rel.78291

>= 2.3.1 Build 20251015 Rel.78291

ER706W

< 1.2.1 Build 20250821 Rel.80909

>= 1.2.1 Build 20250821 Rel.80909

ER706W-4G

< 1.2.1 Build 20250821 Rel.82492

>= 1.2.1 Build 20250821 Rel.82492

ER7212PC

< 2.1.3 Build 20251016 Rel.82571

>= 2.1.3 Build 20251016 Rel.82571

G36

< 1.1.4 Build 20251015 Rel.84206

>= 1.1.4 Build 20251015 Rel.84206

G611

< 1.2.2 Build 20251017 Rel.45512

>= 1.2.2 Build 20251017 Rel.45512

FR365

< 1.1.10 Build 20250626 Rel.81746

>= 1.1.10 Build 20250626 Rel.81746

FR205

< 1.0.3 Build 20251016 Rel.61376

>= 1.0.3 Build 20251016 Rel.61376

FR307-M2

< 1.2.5 Build 20251015 Rel.76743

>= 1.2.5 Build 20251015 Rel.76743

Recommendations:

We strongly recommended that users with the affected device(s) take the following action(s):

  1. Download and update to the latest firmware to fix the vulnerabilities.
  2. Check the configurations of the device after the firmware upgrade to ensure that all settings remain accurate, secure, and aligned with their intended preferences.

Disclaimer:

If you do not take the recommended action(s) stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended action(s) in this statement.

Please Rate this Document

Sign Up for News & OffersTP-Link takes your privacy seriously. For further details on TP-Link's privacy practices, see TP-Link's Privacy Policy.

Email Error

Follow Us

About
Press
Partners
Learning Center
TP-Link Omada Omada Pro VIGI
Worldwide / English

©2025 TP-Link Systems Inc. and its affiliated companies. All rights reserved.

TP-Link, Tapo, Kasa, Omada, VIGI, Aginet, HomeShield, and Tapo Care branded products are products of TP-Link Systems Inc. or its affiliates.
Note: Some services and materials may require you to accept additional terms and conditions before access or use.
References to "TP-Link" may include TP-Link Systems Inc., its subsidiaries, or business units within the TP-Link corporate structure, as applicable.
The materials provided, including but not limited to press releases, presentations, blog posts, and webcasts, are current as of the date of publication and may be superseded by subsequent updates.

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Your Privacy Choices

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au