Er605 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-7851	1 Tp-link	27 Er605, Er605 Firmware, Er706w and 24 more	2025-10-24	9.8 Critical
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVE-2025-7850	1 Tp-link	27 Er605, Er605 Firmware, Er706w and 24 more	2025-10-24	7.2 High
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
CVE-2025-6542	1 Tp-link	28 Er605, Er605 Firmware, Er706w and 25 more	2025-10-24	9.8 Critical
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
CVE-2025-6541	1 Tp-link	28 Er605, Er605 Firmware, Er706w and 25 more	2025-10-24	8.8 High
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVE-2024-1180	2 Tp-link, Tp Link	4 Er605, Omada Er605, Omada Er605 Firmware and 1 more	2025-08-08	8.0 High
TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227.
CVE-2024-1179	2 Tp-link, Tp Link	4 Er605, Omada Er605, Omada Er605 Firmware and 1 more	2025-08-08	8.8 High
TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.

Page 1 of 1.