CVE-2025-7851

Published: Oct 21, 2025Modified: Oct 24, 2025

8.7

Vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: f23511db-6c3e-4e32-a477-6aa17d310630 (Secondary)

Description

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Affected (26)

Products: Tp Link: Fr307 M2 Firmware, Fr205 Firmware, Fr365 Firmware, G611 Firmware, G36 Firmware, Er7212pc Firmware, Er706w 4g Firmware, Er706w Firmware, Er605 Firmware, Er7206 Firmware, Er707 M2 Firmware, Er7412 M2 Firmware, Er8411 Firmware

13 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr307 M2 Firmware	Before 1.2.5
Tp Link Fr307 M2 Firmware	Version 1.2.5

Running on/with	Platform Versions
Tp Link Fr307 M2	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr205 Firmware	Before 1.0.3
Tp Link Fr205 Firmware	Version 1.0.3

Running on/with	Platform Versions
Tp Link Fr205	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Fr365 Firmware	Before 1.1.10
Tp Link Fr365 Firmware	Version 1.1.10

Running on/with	Platform Versions
Tp Link Fr365	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link G611 Firmware	Before 1.2.2
Tp Link G611 Firmware	Version 1.2.2

Running on/with	Platform Versions
Tp Link G611	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link G36 Firmware	Before 1.1.4
Tp Link G36 Firmware	Version 1.1.4

Running on/with	Platform Versions
Tp Link G36	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7212pc Firmware	Before 2.1.3
Tp Link Er7212pc Firmware	Version 2.1.3

Running on/with	Platform Versions
Tp Link Er7212pc	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er706w 4g Firmware	Before 1.2.1
Tp Link Er706w 4g Firmware	Version 1.2.1

Running on/with	Platform Versions
Tp Link Er706w 4g	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er706w Firmware	Before 1.2.1
Tp Link Er706w Firmware	Version 1.2.1

Running on/with	Platform Versions
Tp Link Er706w	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er605 Firmware	Before 2.3.1
Tp Link Er605 Firmware	Version 2.3.1

Running on/with	Platform Versions
Tp Link Er605	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7206 Firmware	Before 2.2.2
Tp Link Er7206 Firmware	Version 2.2.2

Running on/with	Platform Versions
Tp Link Er7206	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er707 M2 Firmware	Before 1.3.1
Tp Link Er707 M2 Firmware	Version 1.3.1

Running on/with	Platform Versions
Tp Link Er707 M2	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er7412 M2 Firmware	Before 1.1.0
Tp Link Er7412 M2 Firmware	Version 1.1.0

Running on/with	Platform Versions
Tp Link Er7412 M2	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Er8411 Firmware	Before 1.3.3
Tp Link Er8411 Firmware	Version 1.3.3

Running on/with	Platform Versions
Tp Link Er8411	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.