CVE-2025-6542

Published: Oct 21, 2025Modified: Oct 24, 2025

9.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: f23511db-6c3e-4e32-a477-6aa17d310630 (Secondary)

Description

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Affected (26)

Products: Tp Link: Er8411 Firmware, Er7412 M2 Firmware, Er707 M2 Firmware, Er7206 Firmware, Er605 Firmware, Er706w Firmware, Er706w 4g Firmware, Er7212pc Firmware, G36 Firmware, G611 Firmware, Fr365 Firmware, Fr205 Firmware, Fr307 M2 Firmware

13 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er8411 Firmware	Before 1.3.3
Tp Link Er8411 Firmware	Version 1.3.3

Running on/with	Platform Versions
Tp Link Er8411	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7412 M2 Firmware	Before 1.1.0
Tp Link Er7412 M2 Firmware	Version 1.1.0

Running on/with	Platform Versions
Tp Link Er7412 M2	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er707 M2 Firmware	Before 1.3.1
Tp Link Er707 M2 Firmware	Version 1.3.1

Running on/with	Platform Versions
Tp Link Er707 M2	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7206 Firmware	Before 2.2.2
Tp Link Er7206 Firmware	Version 2.2.2

Running on/with	Platform Versions
Tp Link Er7206	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er605 Firmware	Before 2.3.1
Tp Link Er605 Firmware	Version 2.3.1

Running on/with	Platform Versions
Tp Link Er605	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er706w Firmware	Before 1.2.1
Tp Link Er706w Firmware	Version 1.2.1

Running on/with	Platform Versions
Tp Link Er706w	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er706w 4g Firmware	Before 1.2.1
Tp Link Er706w 4g Firmware	Version 1.2.1

Running on/with	Platform Versions
Tp Link Er706w 4g	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7212pc Firmware	Before 2.1.3
Tp Link Er7212pc Firmware	Version 2.1.3

Running on/with	Platform Versions
Tp Link Er7212pc	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link G36 Firmware	Before 1.1.4
Tp Link G36 Firmware	Version 1.1.4

Running on/with	Platform Versions
Tp Link G36	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link G611 Firmware	Before 1.2.2
Tp Link G611 Firmware	Version 1.2.2

Running on/with	Platform Versions
Tp Link G611	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr365 Firmware	Before 1.1.10
Tp Link Fr365 Firmware	Version 1.1.10

Running on/with	Platform Versions
Tp Link Fr365	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr205 Firmware	Before 1.0.3
Tp Link Fr205 Firmware	Version 1.0.3

Running on/with	Platform Versions
Tp Link Fr205	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr307 M2 Firmware	Before 1.2.5
Tp Link Fr307 M2 Firmware	Version 1.2.5

Running on/with	Platform Versions
Tp Link Fr307 M2	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://support.omadanetworks.com/en/document/108455/

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Vendor Advisory

https://www.omadanetworks.com/us/business-networking/all-omada-router/

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Product

https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Product

https://www.tp-link.com/us/business-networking/soho-festa-gateway/

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Product

Timeline

No history available yet.