All news with #firmware tag
Tue, October 21, 2025
TP-Link Omada Gateways Vulnerable to Critical RCE Flaw
⚠️ TP-Link has disclosed two command injection vulnerabilities affecting Omada gateway devices that allow execution of arbitrary OS commands. One issue, CVE-2025-6542 (CVSS 9.3), can be exploited remotely without authentication; the other, CVE-2025-6541 (CVSS 8.6), requires access to the web management interface. Thirteen models are listed as impacted, and TP-Link has released firmware updates to address the flaws; administrators are urged to apply patches and verify configurations after upgrading.
Thu, September 25, 2025
New Supermicro BMC Flaws Expose Firmware Validation
🔒 Researchers have published details of two high-severity vulnerabilities in Supermicro BMC firmware — CVE-2025-7937 and CVE-2025-6198 — each rated CVSS 7.2. Both flaws weaken firmware validation and the implementation of the Root of Trust, allowing an attacker with administrative access to install or manipulate signed firmware and gain persistent, low-level control of affected servers. Binarly found one issue while testing Supermicro’s January patch for a related flaw and advises prompt patching, strict firmware integrity checks, and enabling hardware RoT where available to mitigate risk.