cbcvebase.
CVE-2025-7850
published 2025-10-21

CVE-2025-7850: A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

PriorityP354high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.17%
80.0th percentile
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

Affected

29 ranges· showing 25
VendorProductVersion rangeFixed in
tp-linker605_firmware< 2.3.12.3.1
tp-linker605_firmware
tp-linker706w-4g_firmware< 1.2.11.2.1
tp-linker706w-4g_firmware
tp-linker706w_firmware< 1.2.11.2.1
tp-linker706w_firmware
tp-linker707-m2_firmware< 1.3.11.3.1
tp-linker707-m2_firmware
tp-linker7206_firmware< 2.2.22.2.2
tp-linker7206_firmware
tp-linker7212pc_firmware< 2.1.32.1.3
tp-linker7212pc_firmware
tp-linker7412-m2_firmware< 1.1.01.1.0
tp-linker7412-m2_firmware
tp-linker8411_firmware< 1.3.31.3.3
tp-linker8411_firmware
tp-linkfr205_firmware< 1.0.31.0.3
tp-linkfr205_firmware
tp-linkfr307-m2_firmware< 1.2.51.2.5
tp-linkfr307-m2_firmware
tp-linkfr365_firmware< 1.1.101.1.10
tp-linkfr365_firmware
tp-linkg36_firmware< 1.1.41.1.4
tp-linkg36_firmware
tp-linkg611_firmware< 1.2.21.2.2

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.