CVE-2025-6542

high-risk
Published 2025-10-21

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Do I need to act?

-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Er8411 Firmware
Er8411 Firmware
Er7412-M2 Firmware
Er7412-M2 Firmware
Er707-M2 Firmware
Er707-M2 Firmware
Er7206 Firmware
Er7206 Firmware
Er605 Firmware
Er605 Firmware
Er706W Firmware
Er706W Firmware
Er706W-4G Firmware
Er706W-4G Firmware
Er7212Pc Firmware
Er7212Pc Firmware
G36 Firmware
G36 Firmware
G611 Firmware
G611 Firmware

Affected Vendors

Tp-Link

References (4)

Vendor Advisory https://support.omadanetworks.com/en/document/108455/
Product https://www.omadanetworks.com/us/business-networking/all-omada-router/
Product https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-rout...
Product https://www.tp-link.com/us/business-networking/soho-festa-gateway/
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 21/34 · High