CVE-2025-7851
CRITICAL WAF: Low
CVSS 9.8
Published: 2025-10-21
CWE-269
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | fr307-m2_firmware | up to 1.2.5 |
| tp-link | fr307-m2_firmware | 1.2.5 |
| tp-link | fr205_firmware | up to 1.0.3 |
| tp-link | fr205_firmware | 1.0.3 |
| tp-link | fr365_firmware | up to 1.1.10 |
| tp-link | fr365_firmware | 1.1.10 |
| tp-link | g611_firmware | up to 1.2.2 |
| tp-link | g611_firmware | 1.2.2 |
| tp-link | g36_firmware | up to 1.1.4 |
| tp-link | g36_firmware | 1.1.4 |
References
- support.omadanetworks.com (Vendor Advisory)
- www.forescout.com
- www.omadanetworks.com (Product)
- www.omadanetworks.com (Product)
- www.tp-link.com (Product)