CVE-2025-7850

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-7850
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.omadanetworks.com/en/document/108456/ Vendor Advisory
https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/
https://www.omadanetworks.com/us/business-networking/all-omada-router/ Product
https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ Product
https://www.tp-link.com/us/business-networking/soho-festa-gateway/ Product
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:er8411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:1.3.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er8411:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:tp-link:er7412-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:1.1.0:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7412-m2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:tp-link:er707-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:1.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er707-m2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:tp-link:er7206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:2.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:tp-link:er605_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:2.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er605:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:tp-link:er706w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:tp-link:er706w-4g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w-4g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:tp-link:er7212pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7212pc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:tp-link:g36_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:1.1.4:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g36:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:tp-link:g611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:1.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g611:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:tp-link:fr365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:1.1.10:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr365:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:tp-link:fr205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:1.0.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr205:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:tp-link:fr307-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:1.2.5:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr307-m2:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-10-21 01:15

Updated : 2025-10-24 17:15

NVD link : CVE-2025-7850

Mitre link : CVE-2025-7850

CVE.ORG link : CVE-2025-7850

JSON object : View

Products Affected

tp-link

  • er706w-4g_firmware
  • er7212pc_firmware
  • fr365_firmware
  • fr365
  • er605_firmware
  • er7206_firmware
  • er7412-m2
  • er605
  • er707-m2
  • g36_firmware
  • er706w
  • fr307-m2_firmware
  • er8411_firmware
  • fr205
  • er7206
  • er707-m2_firmware
  • er706w_firmware
  • g36
  • er7212pc
  • er8411
  • er706w-4g
  • g611_firmware
  • er7412-m2_firmware
  • g611
  • fr307-m2
  • fr205_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')