CVE-2025-6542

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.omadanetworks.com/en/document/108455/ Vendor Advisory
https://www.omadanetworks.com/us/business-networking/all-omada-router/ Product
https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ Product
https://www.tp-link.com/us/business-networking/soho-festa-gateway/ Product
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:er8411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:1.3.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er8411:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:tp-link:er7412-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:1.1.0:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7412-m2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:tp-link:er707-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:1.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er707-m2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:tp-link:er7206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:2.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:tp-link:er605_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:2.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er605:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:tp-link:er706w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:tp-link:er706w-4g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w-4g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:tp-link:er7212pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7212pc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:tp-link:g36_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:1.1.4:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g36:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:tp-link:g611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:1.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g611:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:tp-link:fr365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:1.1.10:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr365:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:tp-link:fr205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:1.0.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr205:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:tp-link:fr307-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:1.2.5:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr307-m2:-:*:*:*:*:*:*:*
History

24 Oct 2025, 13:50

Type Values Removed Values Added
CPE cpe:2.3:o:tp-link:fr205_firmware:1.0.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:2.3.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:1.1.10:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er707-m2:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7412-m2:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:1.3.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:1.1.4:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:1.2.5:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:1.3.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:1.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr205:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er605:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:g36:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr365:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:2.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7212pc:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr307-m2:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:1.1.0:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:g611:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er8411:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w-4g:-:*:*:*:*:*:*:*
References () https://support.omadanetworks.com/en/document/108455/ - () https://support.omadanetworks.com/en/document/108455/ - Vendor Advisory
References () https://www.omadanetworks.com/us/business-networking/all-omada-router/ - () https://www.omadanetworks.com/us/business-networking/all-omada-router/ - Product
References () https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ - () https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ - Product
References () https://www.tp-link.com/us/business-networking/soho-festa-gateway/ - () https://www.tp-link.com/us/business-networking/soho-festa-gateway/ - Product
First Time Tp-link fr307-m2
Tp-link er605
Tp-link er707-m2 Firmware
Tp-link er7412-m2
Tp-link er706w Firmware
Tp-link er7212pc
Tp-link er605 Firmware
Tp-link er8411
Tp-link
Tp-link er706w-4g
Tp-link fr365
Tp-link er7206
Tp-link er706w-4g Firmware
Tp-link fr205 Firmware
Tp-link fr307-m2 Firmware
Tp-link er707-m2
Tp-link g611
Tp-link fr365 Firmware
Tp-link g36 Firmware
Tp-link er7212pc Firmware
Tp-link fr205
Tp-link g36
Tp-link g611 Firmware
Tp-link er706w
Tp-link er8411 Firmware
Tp-link er7206 Firmware
Tp-link er7412-m2 Firmware
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

21 Oct 2025, 02:15

Type Values Removed Values Added
Summary (en) An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. (en) An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

21 Oct 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-10-21 01:15

Updated : 2025-10-24 13:50

NVD link : CVE-2025-6542

Mitre link : CVE-2025-6542

CVE.ORG link : CVE-2025-6542

JSON object : View

Products Affected

tp-link

  • er7206_firmware
  • er706w-4g_firmware
  • g36
  • fr307-m2
  • er8411
  • fr365
  • er7212pc
  • er8411_firmware
  • er707-m2_firmware
  • er7206
  • er605_firmware
  • g611
  • er7412-m2_firmware
  • fr205
  • g36_firmware
  • er706w
  • fr205_firmware
  • er605
  • g611_firmware
  • er7212pc_firmware
  • er707-m2
  • fr365_firmware
  • er706w_firmware
  • er7412-m2
  • fr307-m2_firmware
  • er706w-4g
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')