CVE-2025-7851

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-7851
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.omadanetworks.com/en/document/108456/ Vendor Advisory
https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/
https://www.omadanetworks.com/us/business-networking/all-omada-router/ Product
https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ Product
https://www.tp-link.com/us/business-networking/soho-festa-gateway/ Product
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:fr307-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:1.2.5:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr307-m2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:tp-link:fr205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:1.0.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr205:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:tp-link:fr365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:1.1.10:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr365:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:tp-link:g611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:1.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g611:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:tp-link:g36_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:1.1.4:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:g36:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:tp-link:er7212pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7212pc:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:tp-link:er706w-4g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w-4g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:tp-link:er706w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:tp-link:er605_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:2.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er605:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:tp-link:er7206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:2.2.2:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:tp-link:er707-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:1.3.1:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er707-m2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:tp-link:er7412-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:1.1.0:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7412-m2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:tp-link:er8411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:1.3.3:-:*:*:*:*:*:*
cpe:2.3:h:tp-link:er8411:-:*:*:*:*:*:*:*
History

24 Oct 2025, 17:15

Type Values Removed Values Added
References
  • () https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/ -

24 Oct 2025, 13:03

Type Values Removed Values Added
CPE cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:1.1.4:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:1.2.5:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:1.3.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:1.1.10:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:1.2.1:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:1.2.2:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:1.3.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:1.1.0:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:1.0.3:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:2.2.2:-:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:2.3.1:-:*:*:*:*:*:*

23 Oct 2025, 19:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Tp-link er8411 Firmware
Tp-link er7212pc
Tp-link er707-m2
Tp-link fr205
Tp-link er706w
Tp-link er707-m2 Firmware
Tp-link er7212pc Firmware
Tp-link fr307-m2 Firmware
Tp-link er706w-4g Firmware
Tp-link er605
Tp-link g611
Tp-link fr307-m2
Tp-link g611 Firmware
Tp-link fr365 Firmware
Tp-link er7206
Tp-link
Tp-link g36 Firmware
Tp-link er706w Firmware
Tp-link g36
Tp-link er7412-m2 Firmware
Tp-link er7206 Firmware
Tp-link er7412-m2
Tp-link er605 Firmware
Tp-link er706w-4g
Tp-link er8411
Tp-link fr365
Tp-link fr205 Firmware
CPE cpe:2.3:h:tp-link:er707-m2:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7212pc:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7412-m2:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr365:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7212pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr205:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7412-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:g36:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:fr307-m2:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr307-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er8411:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er605:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er605_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er706w-4g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er7206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w-4g:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:fr365_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:g611:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er707-m2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:g36_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:er706w:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:er8411_firmware:*:*:*:*:*:*:*:*
References () https://support.omadanetworks.com/en/document/108456/ - () https://support.omadanetworks.com/en/document/108456/ - Vendor Advisory
References () https://www.omadanetworks.com/us/business-networking/all-omada-router/ - () https://www.omadanetworks.com/us/business-networking/all-omada-router/ - Product
References () https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ - () https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/ - Product
References () https://www.tp-link.com/us/business-networking/soho-festa-gateway/ - () https://www.tp-link.com/us/business-networking/soho-festa-gateway/ - Product

21 Oct 2025, 14:15

Type Values Removed Values Added
CWE CWE-269

21 Oct 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-10-21 01:15

Updated : 2025-10-24 17:15

NVD link : CVE-2025-7851

Mitre link : CVE-2025-7851

CVE.ORG link : CVE-2025-7851

JSON object : View

Products Affected

tp-link

  • fr205_firmware
  • fr365
  • er605_firmware
  • er7206
  • er8411
  • fr307-m2
  • er706w-4g
  • er707-m2_firmware
  • er7412-m2
  • er706w-4g_firmware
  • er7212pc
  • er707-m2
  • g611
  • g36_firmware
  • er7206_firmware
  • er706w_firmware
  • er7212pc_firmware
  • er8411_firmware
  • er605
  • fr307-m2_firmware
  • fr365_firmware
  • g611_firmware
  • fr205
  • er7412-m2_firmware
  • er706w
  • g36
CWE
CWE-269

Improper Privilege Management