• TP-Link reveals more hardware security issues, so patch now or be

    From TechnologyDaily@1337:1/100 to All on Thu Oct 23 11:30:07 2025
    TP-Link reveals more hardware security issues, so patch now or be at risk

    Date:
    Thu, 23 Oct 2025 10:25:00 +0000

    Description:
    TP-Link patches four important bugs, including two critical severity ones.

    FULL STORY
    ======================================================================
    - TP-Link patched four Omada gateway flaws, two rated critical for code execution
    - Three were command injection bugs; one allowed root shell via privilege mismanagement
    - Multiple models affected; one critical flaw requires no authentication for exploitation

    Network gear manufacturer TP-Link has patched four vulnerabilities discovered in its Omada gateway products, including two critical severity ones that
    could allow arbitrary code execution.

    In a security advisory, TP-Link said three out of four flaws were command injection vulnerabilities. The fourth one was an improper privilege
    management flaw.

    Both critical-level flaws are command injection bugs, tracked as CVE-2025-6542 and CVE-2025-7850, and both have a 9.3/10 severity score. For the latter, an attacker also needs admin access to the web portal, while for the former, no authentication is needed.

    Numerous models affected

    The other two flaws are tracked as CVE-2025-6541 (score 8.6/10) and CVE-2025-7851. The first is exploitable by users with access to the web management interface, while the second is the improper privilege management flaw, which allows threat actors to obtain a root shell on the underlying operating system.

    Multiple product models and versions were said to be affected. Here is the entire list:

    ER8411 < 1.3.3 Build 20251013 Rel.44647

    ER7412-M2 < 1.1.0 Build 20251015 Rel.63594

    ER707-M2 < 1.3.1 Build 20251009 Rel.67687

    ER7206 < 2.2.2 Build 20250724 Rel.11109

    ER605 < 2.3.1 Build 20251015 Rel.78291

    ER706W < 1.2.1 Build 20250821 Rel.80909

    ER706W-4G < 1.2.1 Build 20250821 Rel.82492

    ER7212PC < 2.1.3 Build 20251016 Rel.82571

    G36 < 1.1.4 Build 20251015 Rel.84206

    G611 < 1.2.2 Build 20251017 Rel.45512

    FR365 < 1.1.10 Build 20250626 Rel.81746

    FR205 < 1.0.3 Build 20251016 Rel.61376

    FR307-M2 < 1.2.5 Build 20251015 Rel.76743

    TP-Link did not mention if these flaws were being exploited in the wild or not. However, cybercriminals often wait for companies to release advisories before attacking, knowing that many organizations rarely apply the fixes on time.

    Via The Hacker News




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/tp-link-reveals-more-hardware-security-issues-so-patch-now-or-be-at-risk


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)