Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

fr365

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2025-9290
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 10.91%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 23:14
Updated-16 Mar, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-oc200_firmwareoc300eap610gp-desktop_firmwareeap650gp-desktop_firmwareeap211_bridge_kit_firmwaredr3650v-4geap650gp-desktopeap235-walleap230-wall_firmwareeap773eap650-desktopeap603gp-desktop_firmwareoc220_firmwareeap615-wall_firmwareeap773_firmwareoc400eap770eap615gp-wall_firmwareer706w-4g_firmwaredr3650v_firmwareeap623-outdoor_hd_firmwaredr3220v-4g_firmwareeap650-outdoor_firmwareer7206oc300_firmwareeap610eap603gp-desktopeap650-desktop_firmwareer605eap653_firmwareer701-5g-outdoor_firmwareeap625gp-walleap615-waller706wp-4g_firmwareeap620_hdeap725-wall_firmwareer706wp-4geap211_bridge_kiter7206_firmwareer706w-4ger703wp-4g-outdoor_firmwareeap610-outdoor_firmwareeap772-outdoorer7412-m2eap653er7212pc_firmwareeap655-waller7406eap230-walleap660_hdfr365_firmwareeap650-outdooreap215_bridge_kit_firmwareeap783eap610-outdooreap783_firmwareeap623-outdoor_hddr3650v-4g_firmwareeap100-bridge_kiteap235-wall_firmwareeap620_hd_firmwareeap653_urer701-5g-outdoorer605wer707-m2_firmwareeap723_firmwareg36w-4g_firmwareeap720eap215_bridge_kitoc200er605_firmwaredr3220v-4geap625-outdoor_hd_firmwareeap772_firmwareomada_controllereap603-outdoor_firmwareer8411_firmwareer8411eap653_ur_firmwarefr365er707-m2eap772-outdoor_firmwareer7212pcdr3650veap725-waller706w_firmwareer7412-m2_firmwareer605w_firmwareeap787beam_bridge_5_urer706weap100-bridge_kit_firmwareeap603-outdooreap787_firmwareeap720_firmwareeap772eap655-wall_firmwareeap625-outdoor_hdeap660_hd_firmwareeap723er703wp-4g-outdoorg36w-4geap770_firmwareeap610gp-desktopbeam_bridge_5_ur_firmwareeap625gp-wall_firmwareoc220er7406_firmwareoc400_firmwareeap615gp-walleap610_firmwareOmada Gateway (ER706W-4G 2.0)Omada Access Point (EAP615-Wall v1.0/v1.20)Omada Gateway (ER605W 2.0)Omada Hardware Controller (OC200, OC300, OC400)Omada Gateway (ER8411)Omada Gateway (ER605 v2.0)Omada Software ControllerOmada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0)Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G)Omada Gateway (ER7406, ER706W, ER706-4G)Omada Access Point (EAP655-Wall v1.0)Omada Access Point (EAP650GP-Desktop 1.0)Omada Gateway G36W-4GOmada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAPOmada Access Point (EAP653 UR v1.0)Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0)Omada Gateway (ER707-M2, ER-8411)Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0)Omada Cloud ControllerOmada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0)Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20)Omada Gateway (ER701-5G-Outdoor)Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0)Omada Hardware Controller OC220Omada Gateway ER7212PC 2.0Omada EAP100-Bridge KIT v1.0Omada Gateway (ER7206 v2.0)Omada Beam Bridge 5 UR v1.0Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0)Omada Festa Gateway FR365
CWE ID-CWE-760
Use of a One-Way Hash with a Predictable Salt
CVE-2025-7851
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-8.7||HIGH
EPSS-0.06% / 19.03%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:29
Updated-24 Oct, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7212pcer7412-m2_firmwarefr205_firmwarefr365_firmwareer8411_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-7850
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.66% / 71.71%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:28
Updated-24 Oct, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7412-m2_firmwareer7212pcfr205_firmwareer8411_firmwarefr365_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6542
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 35.01%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:23
Updated-24 Oct, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7412-m2_firmwareer7212pcfr205_firmwareer8411_firmwarefr365_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6541
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-8.6||HIGH
EPSS-0.09% / 25.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:21
Updated-24 Oct, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7212pcer7412-m2_firmwarefr205_firmwarefr365_firmwareer8411_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')