CVE-2025-7851 — CVSS 9.8 (critical): An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVE-2025-6541 — CVSS 8.8 (high): An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVE-2025-7850 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.