An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVSS Vector
CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XTp Link Er605
HWTp-Linkwszystkie wersjeTp Link Er605 Firmware
OSTp-Link2.3.1< 2.3.1Tp Link Er706w
HWTp-Linkwszystkie wersjeTp Link Er706w 4g
HWTp-Linkwszystkie wersjeTp Link Er706w 4g Firmware
OSTp-Link1.2.1< 1.2.1Tp Link Er706w Firmware
OSTp-Link1.2.1< 1.2.1Tp Link Er707 M2
HWTp-Linkwszystkie wersjeTp Link Er707 M2 Firmware
OSTp-Link1.3.1< 1.3.1Tp Link Er7206
HWTp-Linkwszystkie wersjeTp Link Er7206 Firmware
OSTp-Link2.2.2< 2.2.2Tp Link Er7212pc
HWTp-Linkwszystkie wersjeTp Link Er7212pc Firmware
OSTp-Link2.1.3< 2.1.3Tp Link Er7412 M2
HWTp-Linkwszystkie wersjeTp Link Er7412 M2 Firmware
OSTp-Link1.1.0< 1.1.0Tp Link Er8411
HWTp-Linkwszystkie wersjeTp Link Er8411 Firmware
OSTp-Link1.3.3< 1.3.3Tp Link Fr205
HWTp-Linkwszystkie wersjeTp Link Fr205 Firmware
OSTp-Link1.0.3< 1.0.3Tp Link Fr307 M2
HWTp-Linkwszystkie wersjeTp Link Fr307 M2 Firmware
OSTp-Link1.2.5< 1.2.5Tp Link Fr365
HWTp-Linkwszystkie wersjeTp Link Fr365 Firmware
OSTp-Link1.1.10< 1.1.10Tp Link G36
HWTp-Linkwszystkie wersjeTp Link G36 Firmware
OSTp-Link1.1.4< 1.1.4Tp Link G611
HWTp-Linkwszystkie wersjeTp Link G611 Firmware
OSTp-Link1.2.2< 1.2.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-6542CRITICAL9.3PL ✓ten sam produkt
Zdalne wykonanie poleceń OS bez uwierzytelnienia w routerach TP-Link Omada
CVE-2025-7850CRITICAL9.3PL ✓ten sam produkt
Command injection w bramkach Omada (TP-Link) po uwierzytelnieniu admina
CVE-2025-6541HIGH8.6ten sam produkt
An arbitrary OS command may be executed on the product by the user who can log in to the web management interf...
CVE-2024-21827HIGH7.2ten sam produkt
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigab...
CVE-2023-43482HIGH7.2ten sam produkt
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit V...