CVE-2025-7851 — CVSS 9.8 (critical): An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVE-2025-6541 — CVSS 8.8 (high): An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVE-2023-46683 — CVSS 7.2 (high): A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada…
CVE-2023-47167 — CVSS 7.2 (high): A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router…
CVE-2023-47209 — CVSS 7.2 (high): A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router…
CVE-2023-47617 — CVSS 7.2 (high): A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN…
CVE-2023-47618 — CVSS 7.2 (high): A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router…
CVE-2024-21827 — CVSS 7.2 (high): A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build…
CVE-2025-7850 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
CVE-2023-36498 — CVSS 7.2 (high): A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router…
CVE-2023-42664 — CVSS 7.2 (high): A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit…
CVE-2023-43482 — CVSS 7.2 (high): A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build…
CVE-2025-9290 — CVSS 5.9 (medium): An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper…