MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-6542

🚨 CRITICAL

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Published
Oct 21, 2025
Last Modified
Oct 24, 2025
Views
1
Bookmarks
0

Description

Request Expert Review

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Affected Products (26)

tp-link - er8411_firmware

Version: *

tp-link - er8411_firmware

Version: 1.3.3

tp-link - er7412-m2_firmware

Version: *

tp-link - er7412-m2_firmware

Version: 1.1.0

tp-link - er707-m2_firmware

Version: *

tp-link - er707-m2_firmware

Version: 1.3.1

tp-link - er7206_firmware

Version: *

tp-link - er7206_firmware

Version: 2.2.2

tp-link - er605_firmware

Version: *

tp-link - er605_firmware

Version: 2.3.1

tp-link - er706w_firmware

Version: *

tp-link - er706w_firmware

Version: 1.2.1

tp-link - er706w-4g_firmware

Version: *

tp-link - er706w-4g_firmware

Version: 1.2.1

tp-link - er7212pc_firmware

Version: *

tp-link - er7212pc_firmware

Version: 2.1.3

tp-link - g36_firmware

Version: *

tp-link - g36_firmware

Version: 1.1.4

tp-link - g611_firmware

Version: *

tp-link - g611_firmware

Version: 1.2.2

tp-link - fr365_firmware

Version: *

tp-link - fr365_firmware

Version: 1.1.10

tp-link - fr205_firmware

Version: *

tp-link - fr205_firmware

Version: 1.0.3

tp-link - fr307-m2_firmware

Version: *

tp-link - fr307-m2_firmware

Version: 1.2.5

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

support.omadanetworks.com www.omadanetworks.com www.omadanetworks.com www.tp-link.com

Additional Information

Source
f23511db-6c3e-4e32-a477-6aa17d310630
State
Analyzed

Related CVEs

CVE-2025-13161

HIGH

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relati...

Score: 7.5

CVE-2025-13160

MEDIUM

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to a...

Score: 5.3

CVE-2025-12904

HIGH

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up...

Score: 7.2

CVE-2025-64530

HIGH

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composi...

Score: 7.5

CVE-2025-64753

MEDIUM

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints li...

Score: 5.3

CVE-2025-64752

MEDIUM

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for f...

Score: 6.8

Share CVE-2025-6542

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-6542 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis