Vulnerability Description
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Er706W Firmware | < 1.2.1 |
| Tp-Link | Er706W | - |
| Tp-Link | Er706W-4G Firmware | < 1.2.1 |
| Tp-Link | Er706W-4G | - |
| Tp-Link | Er7212Pc Firmware | < 2.1.3 |
| Tp-Link | Er7212Pc | - |
| Tp-Link | G36 Firmware | < 1.1.4 |
| Tp-Link | G36 | - |
| Tp-Link | G611 Firmware | < 1.2.2 |
| Tp-Link | G611 | - |
| Tp-Link | Fr365 Firmware | < 1.1.10 |
| Tp-Link | Fr365 | - |
| Tp-Link | Fr205 Firmware | < 1.0.3 |
| Tp-Link | Fr205 | - |
| Tp-Link | Fr307-M2 Firmware | < 1.2.5 |
| Tp-Link | Fr307-M2 | - |
| Tp-Link | Er8411 Firmware | < 1.3.3 |
| Tp-Link | Er8411 | - |
| Tp-Link | Er7412-M2 Firmware | < 1.1.0 |
| Tp-Link | Er7412-M2 | - |
Related Weaknesses (CWE)
References
- https://support.omadanetworks.com/en/document/108455/Vendor Advisory
- https://www.omadanetworks.com/us/business-networking/all-omada-router/Product
- https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-routProduct
- https://www.tp-link.com/us/business-networking/soho-festa-gateway/Product
FAQ
What is CVE-2025-6541?
CVE-2025-6541 is a vulnerability with a CVSS score of 8.8 (HIGH). An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
How severe is CVE-2025-6541?
CVE-2025-6541 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6541?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Er706W Firmware, Tp-Link Er706W, Tp-Link Er706W-4G Firmware, Tp-Link Er706W-4G, Tp-Link Er7212Pc Firmware.