TP-Link has issued a warning about two command injection vulnerabilities affecting Omada gateway devices, which could allow remote or authenticated attackers to execute arbitrary OS commands. The company has released firmware updates to fix these issues and urges users to apply the patches promptly.
Key points
- Two severe command injection flaws impact 13 models of TP-Link Omada gateways.
- One vulnerability, CVE-2025-6542, can be exploited remotely without authentication.
- The second flaw, CVE-2025-6541, requires user login to the web management interface.
- Exploitation of these vulnerabilities can lead to full device compromise and data theft.
- Firmware updates addressing all four vulnerabilities are now available for affected devices.