OS command injection using information obtained from the web management...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

AI Analysis

Arbitrary OS command execution via web management interface

Basic Information

ID CVE-2025-6541

Source TPLink

Published Oct 21, 2025 at 00:21

Affected Product

Vendor TP-Link Systems Inc.

Product Omada gateways

Affected Versions TP-Link Systems Inc. Omada gateways 0
TP-Link Systems Inc. Festa gateways 0
TP-Link Systems Inc. Omada Pro gateways 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor TP-Link

Product Omada gateways

References

{
    "lastseen": "",
    "description": "An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.",
    "published": "2025-10-21T00:21:42.535Z",
    "modified": "2025-10-21T00:21:42.535Z",
    "type": "cve",
    "title": "OS command injection using information obtained from the web management interface",
    "source": "TPLink",
    "references": "https://support.omadanetworks.com/en/document/108455/\nhttps://www.omadanetworks.com/us/business-networking/all-omada-router/\nhttps://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/\nhttps://www.tp-link.com/us/business-networking/soho-festa-gateway/",
    "id": "CVE-2025-6541",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Omada gateways 0\nTP-Link Systems Inc. Festa gateways 0\nTP-Link Systems Inc. Omada Pro gateways 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Omada gateways",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "Arbitrary OS command execution via web management interface",
    "ai_severity": "High",
    "ai_vendor": "TP-Link",
    "ai_product": "Omada gateways",
    "ai_version": "0",
    "ai_score": 8.6
}

OS command injection using information obtained from the web management interface_CVE-2025-6541