Omada gateway devices command injection vulnerabilities (multiple vulnerabilities)
Vulnerability
Summary
TP-Link has warned that Omada gateway devices are affected by two command injection vulnerabilities that can let attackers execute arbitrary OS commands, including a remote unauthenticated path in CVE-2025-6542. The flaws affect 13 gateway models and could lead to full compromise, data theft, lateral movement, and persistence. TP-Link says firmware updates are available and urges affected users to apply the fixes and verify configurations afterward.
Related Happenings
Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign
Campaign
First: 22.04.2026 23:04
Last: 22.04.2026 23:04
Sources 1
About this happening:
The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...
D-Link DIR-878 end-of-life replacement advisory
Advisory/Mitigation
First: 20.11.2025 17:38
Last: 20.11.2025 17:38
Sources 1
About this happening:
**D-Link** told users of the **DIR-878 router** to move off the device because it reached **end-of-life in 2021** and will receive **no further security updates**. The mitigation...
TP-Link Omada and Festa VPN routers command injection and unauthorized root access flaws (multiple vulnerabilities)
Vulnerability
First: 23.10.2025 14:30
Last: 23.10.2025 14:30
Sources 1
About this happening:
Two **TP-Link Omada and Festa VPN router** flaws now expose **command injection** and **unauthorized root access** risk on affected devices. The issues are tracked as **CVE-2025-7...
RondoDox multivector loader-as-a-service campaign
Campaign
First: 13.10.2025 13:12
Last: 13.10.2025 13:12
Sources 1
About this happening:
The **RondoDox** botnet campaign has expanded into **multivector exploitation** and **loader-as-a-service** distribution, widening risk to **internet-exposed infrastructure** acro...
CISA KEV catalog update for TP-Link router flaws
Public Sector Action
First: 04.09.2025 13:03
Last: 04.09.2025 13:03
Sources 1
About this happening:
CISA added **CVE-2023-50224** and **CVE-2025-9377** to the **KEV catalog**, forcing **FCEB agencies** to prioritize mitigation for **TP-Link wireless routers** by **September 24,...
Timeline
- 22.10.2025 00:11 · 2 articles · 7mo ago
TP-Link warns of Omada gateway command injection flaws
Initial Disclosure
TP-Link warned that Omada gateway devices are affected by CVE-2025-6542 and CVE-2025-6541, two command injection vulnerabilities that can let an attacker execute arbitrary OS commands on the underlying operating system. CVE-2025-6542 is rated critical at 9.3 and can be exploited by a remote attacker without authentication, while CVE-2025-6541 is rated 8.6 and requires access to the web management interface. The vendor said the issues can enable full compromise, data theft, lateral movement, and persistence, released firmware updates for impacted devices, and advised users to apply the fixes and verify configurations after upgrade. A separate bulletin also described CVE-2025-8750, CVE-2025-7851, and CVE-2025-7850, with the latest firmware release addressing all four vulnerabilities.
Sources
- TP-Link warns of critical command injection flaw in Omada gateways — www.bleepingcomputer.com — 22.10.2025 00:11
- TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution — thehackernews.com — 22.10.2025 07:38