TP-Link Omada Gateways Command Injection Vulnerability Allowing Arbitrary Command Execution
Vulnerability
A command injection vulnerability has been identified in TP-Link Omada gateways. This vulnerability can be exploited after an admin has authenticated on the web portal. Successful exploitation allows attackers to execute arbitrary commands on the device's underlying operating system.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands on the device's operating system, potentially allowing for further exploitation or manipulation of the device.
Remediation
Users are advised to update to the latest firmware version available for their specific device model. After upgrading, it is recommended to change the device password to mitigate the risk of password leakage.
