All news with #tp-link tag

Proposed U.S. Ban on TP-Link Routers Raises Concerns

🔍 The U.S. government is weighing a ban on sales of TP‑Link networking gear amid concerns that the company may be subject to Chinese government influence and that its products handle sensitive U.S. data. TP‑Link Systems disputes the claims, says it split from its China-based namesake, and notes many competitors source components from China. The piece highlights industry-wide risks — insecure defaults, outdated firmware, and ISP-deployed devices — and suggests OpenWrt and similar open-source firmware as mitigations for technically capable users.

Critical and High Flaws Found in TP-Link VPN Routers

🔒 Researchers at Forescout’s Vedere Labs have disclosed two vulnerabilities in TP-Link Omada and Festa VPN routers that enable command injection and potential unauthorized root access. The flaws are tracked as CVE-2025-7850 (critical, CVSS v4.0 9.3) and CVE-2025-7851 (high, CVSS v4.0 8.7) and stem from an incomplete 2024 fix that left debug functionality and alternate attack paths. TP-Link has published firmware updates; Vedere Labs urges immediate patching and additional mitigations including WAFs, disabling remote admin, and improved monitoring.

TP-Link fixes four critical Omada Gateway vulnerabilities

🔒 TP-Link has published firmware updates to address four security flaws in its Omada gateway devices, including two critical command injection vulnerabilities that could allow arbitrary command execution on the device OS. The issues are tracked as CVE-2025-6541, CVE-2025-6542, CVE-2025-7850 and CVE-2025-7851, affecting multiple ER, FR and G-series models. Users are urged to install the patched builds promptly and verify device configurations after upgrading.

TP-Link Omada Gateways Vulnerable to Critical RCE Flaw

⚠️ TP-Link has disclosed two command injection vulnerabilities affecting Omada gateway devices that allow execution of arbitrary OS commands. One issue, CVE-2025-6542 (CVSS 9.3), can be exploited remotely without authentication; the other, CVE-2025-6541 (CVSS 8.6), requires access to the web management interface. Thirteen models are listed as impacted and TP-Link has released firmware updates to address the flaws; administrators are urged to apply patches and verify configurations after upgrading.

New TP-Link CWMP Zero-Day Targets Multiple Routers

🔒TP-Link has confirmed an unpatched zero-day in its CWMP implementation that can enable remote code execution on multiple routers. Independent researcher Mehrun (ByteRay) reported the issue to TP-Link on May 11, 2024; the flaw is a stack-based buffer overflow in the SOAP SetParameterValues handler caused by unbounded strncpy calls. TP-Link says a patch exists for some European firmware builds and that fixes for U.S. and other global versions are in development; users should update firmware, change default admin credentials, and disable CWMP if it is not required.

CISA Adds Two Exploited TP-Link Router Vulnerabilities

🔔 CISA has added two TP-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing in-the-wild exploitation activity. The flaws—CVE-2023-50224 (CVSS 6.5), an authentication bypass via spoofing in the httpd service exposing stored credentials at /tmp/dropbear/dropbearpwd, and CVE-2025-9377 (CVSS 8.6), an OS command injection enabling remote code execution—affect multiple TL-WR841 and Archer C7 models. TP-Link says several affected models are End-of-Life, released firmware updates in November 2024, and recommends upgrading hardware; CISA urges federal agencies to apply mitigations by September 24, 2025.

CISA Adds Two TP-Link Vulnerabilities to KEV Catalog

⚠️ CISA has added two TP-Link vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2023-50224 (TL-WR841N authentication bypass) and CVE-2025-9377 (Archer C7(EU) and TL-WR841N/ND(MS) OS command injection). The agency notes these flaw types are frequent attack vectors and impose significant risk to the federal enterprise under BOD 22-01. Although the directive binds Federal Civilian Executive Branch agencies, CISA urges all organizations to prioritize remediation and reduce exposure.

CISA Adds TP-Link and WhatsApp Vulnerabilities to KEV

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high‑severity flaw in TP‑Link TL‑WA855RE Wi‑Fi range extenders (CVE‑2020‑24363, CVSS 8.8) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The missing authentication issue lets an unauthenticated attacker on the same network submit a TDDP_RESET request to factory‑reset the device and set a new administrative password. CISA also added a WhatsApp vulnerability (CVE‑2025‑55177, CVSS 5.4) that was chained with an Apple platform flaw in a targeted spyware campaign; federal agencies must apply mitigations by September 23, 2025.