9.8

CVE-2025-7851

Media report

Unauthorized root access via debug functionality

An attacker may obtain a root shell on the underlying OS of Omada gateways under restricted conditions.
Data provided by the National Vulnerability Database (NVD)
Tp-link Fr307-m2 Firmware Version < 1.2.5
   Tp-link Fr307-m2 Version -
Tp-link Fr307-m2 Firmware Version 1.2.5 Update -
   Tp-link Fr307-m2 Version -
Tp-link Fr205 Firmware Version < 1.0.3
   Tp-link Fr205 Version -
Tp-link Fr205 Firmware Version 1.0.3 Update -
   Tp-link Fr205 Version -
Tp-link Fr365 Firmware Version < 1.1.10
   Tp-link Fr365 Version -
Tp-link Fr365 Firmware Version 1.1.10 Update -
   Tp-link Fr365 Version -
Tp-link G611 Firmware Version < 1.2.2
   Tp-link G611 Version -
Tp-link G611 Firmware Version 1.2.2 Update -
   Tp-link G611 Version -
Tp-link G36 Firmware Version < 1.1.4
   Tp-link G36 Version -
Tp-link G36 Firmware Version 1.1.4 Update -
   Tp-link G36 Version -
Tp-link Er7212pc Firmware Version < 2.1.3
   Tp-link Er7212pc Version -
Tp-link Er7212pc Firmware Version 2.1.3 Update -
   Tp-link Er7212pc Version -
Tp-link Er706w-4g Firmware Version < 1.2.1
   Tp-link Er706w-4g Version -
Tp-link Er706w-4g Firmware Version 1.2.1 Update -
   Tp-link Er706w-4g Version -
Tp-link Er706w Firmware Version < 1.2.1
   Tp-link Er706w Version -
Tp-link Er706w Firmware Version 1.2.1 Update -
   Tp-link Er706w Version -
Tp-link Er605 Firmware Version < 2.3.1
   Tp-link Er605 Version -
Tp-link Er605 Firmware Version 2.3.1 Update -
   Tp-link Er605 Version -
Tp-link Er7206 Firmware Version < 2.2.2
   Tp-link Er7206 Version -
Tp-link Er7206 Firmware Version 2.2.2 Update -
   Tp-link Er7206 Version -
Tp-link Er707-m2 Firmware Version < 1.3.1
   Tp-link Er707-m2 Version -
Tp-link Er707-m2 Firmware Version 1.3.1 Update -
   Tp-link Er707-m2 Version -
Tp-link Er7412-m2 Firmware Version < 1.1.0
   Tp-link Er7412-m2 Version -
Tp-link Er7412-m2 Firmware Version 1.1.0 Update -
   Tp-link Er7412-m2 Version -
Tp-link Er8411 Firmware Version < 1.3.3
   Tp-link Er8411 Version -
Tp-link Er8411 Firmware Version 1.3.3 Update -
   Tp-link Er8411 Version -
No advisory was found for this CVE.
EPSS metrics
Type: EPSS; Source: FIRST.org; Score: 0.05%; Percentile: 0.17
CVSS metrics
Source: nvd@nist.gov; Base Score: 9.8; Exploit Score: 3.9; Impact Score: 5.9
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: f23511db-6c3e-4e32-a477-6aa17d310630; Base Score: 8.7; Exploit Score: 0; Impact Score: 0
Vector String: CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.