Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9290 | 1 Tp-link | 114 Beam Bridge 5 Ur, Beam Bridge 5 Ur Firmware, Dr3220v-4g and 111 more | 2026-03-16 | 5.9 Medium |
| An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality. | ||||
| CVE-2025-7851 | 1 Tp-link | 27 Er605, Er605 Firmware, Er706w and 24 more | 2025-10-24 | 9.8 Critical |
| An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. | ||||
| CVE-2025-7850 | 1 Tp-link | 27 Er605, Er605 Firmware, Er706w and 24 more | 2025-10-24 | 7.2 High |
| A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways. | ||||
| CVE-2025-6542 | 1 Tp-link | 28 Er605, Er605 Firmware, Er706w and 25 more | 2025-10-24 | 9.8 Critical |
| An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. | ||||
| CVE-2025-6541 | 1 Tp-link | 28 Er605, Er605 Firmware, Er706w and 25 more | 2025-10-24 | 8.8 High |
| An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. | ||||
| CVE-2024-1180 | 2 Tp-link, Tp Link | 4 Er605, Omada Er605, Omada Er605 Firmware and 1 more | 2025-08-08 | 8.0 High |
| TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227. | ||||
| CVE-2024-1179 | 2 Tp-link, Tp Link | 4 Er605, Omada Er605, Omada Er605 Firmware and 1 more | 2025-08-08 | 8.8 High |
| TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420. | ||||
Page 1 of 1.