8.8
CVE-2025-6541
- EPSS 0.06%
- Published 21.10.2025 00:21:42
- Last modified 24.10.2025 13:45:38
- Source f23511db-6c3e-4e32-a477-6aa17d
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
Data provided by the National Vulnerability Database (NVD)
Tp-link ≫ Er706w Firmware Version < 1.2.1
Tp-link ≫ Er706w Firmware Version 1.2.1 Update -
Tp-link ≫ Er706w-4g Firmware Version < 1.2.1
Tp-link ≫ Er706w-4g Firmware Version 1.2.1 Update -
Tp-link ≫ Er7212pc Firmware Version < 2.1.3
Tp-link ≫ Er7212pc Firmware Version 2.1.3 Update -
Tp-link ≫ G36 Firmware Version < 1.1.4
Tp-link ≫ G36 Firmware Version 1.1.4 Update -
Tp-link ≫ G611 Firmware Version < 1.2.2
Tp-link ≫ G611 Firmware Version 1.2.2 Update -
Tp-link ≫ Fr365 Firmware Version < 1.1.10
Tp-link ≫ Fr365 Firmware Version 1.1.10 Update -
Tp-link ≫ Fr205 Firmware Version < 1.0.3
Tp-link ≫ Fr205 Firmware Version 1.0.3 Update -
Tp-link ≫ Fr307-m2 Firmware Version < 1.2.5
Tp-link ≫ Fr307-m2 Firmware Version 1.2.5 Update -
Tp-link ≫ Er8411 Firmware Version < 1.3.3
Tp-link ≫ Er8411 Firmware Version 1.3.3 Update -
Tp-link ≫ Er7412-m2 Firmware Version < 1.1.0
Tp-link ≫ Er7412-m2 Firmware Version 1.1.0 Update -
Tp-link ≫ Er707-m2 Firmware Version < 1.3.1
Tp-link ≫ Er707-m2 Firmware Version 1.3.1 Update -
Tp-link ≫ Er7206 Firmware Version < 2.2.2
Tp-link ≫ Er7206 Firmware Version 2.2.2 Update -
Tp-link ≫ Er605 Firmware Version < 2.3.1
Tp-link ≫ Er605 Firmware Version 2.3.1 Update -
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.191 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| f23511db-6c3e-4e32-a477-6aa17d310630 | 8.6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.