The National Computer Emergency Response Team (National CERT) has issued a warning about several dangerous security flaws found in TP-Link’s Omada Gateway devices, which are commonly used by businesses to manage their internet networks. These vulnerabilities could allow hackers to take full control of affected systems and steal or manipulate sensitive data.
According to the advisory, the multiple weaknesses are tracked as CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851, and could let attackers remotely execute code, gain unauthorized root access, inject malicious commands, or change configuration settings. If exploited, these flaws could lead to complete device compromise, allowing cybercriminals to move through internal networks, steal data, or install malware.
The affected TP-Link models include ER8411, ER707-M2, ER605, ER706W, and several others running outdated or unpatched firmware versions.
These vulnerabilities are rated critical to high (scoring between 8.6 and 9.8 on the CVSS severity scale) and can be exploited remotely with minimal effort, often without user interaction. By taking advantage of misconfigured or publicly exposed management interfaces, hackers can gain full administrative control and maintain access to compromised networks, which poses serious risks to both large enterprises and small businesses.
National CERT has urged all organizations using TP-Link Omada devices to immediately install the latest firmware updates, released in October 2025. For systems where updates cannot be applied right away, administrators should:
The advisory also recommends enabling multi-factor authentication (MFA), using intrusion detection systems (IDS), and monitoring for unusual login or command activity.
National CERT emphasized that immediate action and continuous monitoring are critical, as real-world attacks have already begun targeting unpatched Omada devices.