TP-Link Omada and Festa VPN routers command injection and unauthorized root access flaws (multiple vulnerabilities)

Vulnerability
H score 25
1 unique source, 1 article

Summary

Two flaws in TP-Link Omada and Festa VPN routers expose affected devices to command injection and unauthorized root access. The issues are tracked as CVE-2025-7850 and CVE-2025-7851, with severity scores of 9.3 and 8.7, respectively. TP-Link has released firmware patches, but CVE-2025-7850 can extend beyond authenticated access in some deployments.

Related Happenings

Omada gateway devices command injection vulnerabilities (multiple vulnerabilities)

Vulnerability
First: 22.10.2025 00:11 Last: 22.10.2025 00:11 Sources 1

About this happening: TP-Link has warned that **Omada gateway devices** are affected by **two command injection vulnerabilities** that can let attackers execute arbitrary OS commands, including a **rem...

CISA KEV catalog update for TP-Link router flaws

Public Sector Action
First: 04.09.2025 13:03 Last: 04.09.2025 13:03 Sources 1

About this happening: CISA added **CVE-2023-50224** and **CVE-2025-9377** to the **KEV catalog**, forcing **FCEB agencies** to prioritize mitigation for **TP-Link wireless routers** by **September 24,...

Timeline

  1. 23.10.2025 14:30 2 articles · 7mo ago

    TP-Link Omada and Festa VPN router vulnerabilities disclosed

    Technical Analysis Update

    Forescout’s Vedere Labs disclosed two vulnerabilities in TP-Link Omada and Festa VPN routers, tracked as CVE-2025-7850 and CVE-2025-7851, that could enable command injection and unauthorized root access. The researchers tied both flaws to an incomplete fix for CVE-2024-21827 that left residual debug functionality accessible. They also found that the WireGuard VPN settings Web UI on the ER605v2 router exposed an unsanitized private-key field that could let an authenticated user inject arbitrary OS commands with root privileges. TP-Link has released firmware patches. The researchers advised patching immediately, deploying web application firewalls in front of management interfaces, disabling remote administration where feasible, and logging admin sessions and router traffic to catch anomalies and exploitation indicators.