TP-Link Urges Immediate Updates for Omada Gateways after Critical Flaws Discovery
TP-Link, a leading provider of networking solutions, has issued a warning to its customers regarding critical flaws in its Omada gateway devices. The Taiwanese company has published two security advisories highlighting four vulnerabilities that affect more than a dozen products across the ER, G, and FR series.
The most severe vulnerability, tracked as CVE-2025-6542 (CVSS score of 9.3), is an arbitrary OS command impacting Omada gateways. This means that users who can log in to the web management interface or remote unauthenticated attackers can execute arbitrary commands on the device's underlying operating system.
"An arbitrary OS command may be executed on Omada gateways by the user who can log in to the web management interface or by a remote unauthenticated attacker," reads the advisory. "Attackers may execute arbitrary commands on the device’s underlying operating system." This critical flaw has far-reaching implications for network security and highlights the importance of prompt updates and patching.
Another critical vulnerability, tracked as CVE-2025-7850 (CVSS score of 9.3), is a command injection issue. An attacker could exploit this flaw after the admin's authentication on the web portal on Omada gateways. The advisory states that "A command injection vulnerability may be exploited after the admin’s authentication on the web portal on Omada gateways."
The two additional vulnerabilities fixed by TP-Link are not specified in detail, but it is clear that they pose significant risks to network security.
TP-Link is urging all users to take immediate action and update their firmware to address these critical flaws. The vendor has already released firmware updates for affected products, and customers are advised to install them as soon as possible.
"We urge all our customers to take this warning seriously and update their firmware immediately," said a spokesperson for TP-Link. "The security of our products is our top priority, and we will continue to work tirelessly to ensure that our devices remain secure against emerging threats."
Users who are concerned about the security of their Omada gateways can visit TP-Link's website for more information on the updated firmware and how to install it. By taking prompt action, users can help prevent potential attacks and protect their networks from harm.
Stay up-to-date with the latest security news by following me on Twitter: @securityaffairs and Facebook and Mastodon.