← Back to CVEs
CVE-2025-7851
CRITICAL9.8
Description
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/21/2025
Last Modified10/24/2025
Sourcenvd
Honeypot Sightings0
Affected Products
tp-link:er605tp-link:er605_firmwaretp-link:er706wtp-link:er706w-4gtp-link:er706w-4g_firmwaretp-link:er706w_firmwaretp-link:er707-m2tp-link:er707-m2_firmwaretp-link:er7206tp-link:er7206_firmwaretp-link:er7212pctp-link:er7212pc_firmwaretp-link:er7412-m2tp-link:er7412-m2_firmwaretp-link:er8411tp-link:er8411_firmwaretp-link:fr205tp-link:fr205_firmwaretp-link:fr307-m2tp-link:fr307-m2_firmwaretp-link:fr365tp-link:fr365_firmwaretp-link:g36tp-link:g36_firmwaretp-link:g611tp-link:g611_firmware
Weaknesses (CWE)
CWE-269
References
https://support.omadanetworks.com/en/document/108456/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.omadanetworks.com/us/business-networking/all-omada-router/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/business-networking/soho-festa-gateway/(f23511db-6c3e-4e32-a477-6aa17d310630)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.