Vulnerability Database

319,478

Total vulnerabilities in the database

CVE-2025-6541

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Published: Oct 21, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-6541
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
tp-link / er706w_firmware	-	1.2.1
tp-link / er706w_firmware	1.2.1	1.2.1.x
tp-link / er706w-4g_firmware	-	1.2.1
tp-link / er706w-4g_firmware	1.2.1	1.2.1.x
tp-link / er7212pc_firmware	-	2.1.3
tp-link / er7212pc_firmware	2.1.3	2.1.3.x
tp-link / g36_firmware	-	1.1.4
tp-link / g36_firmware	1.1.4	1.1.4.x
tp-link / g611_firmware	-	1.2.2
tp-link / g611_firmware	1.2.2	1.2.2.x
tp-link / fr365_firmware	-	1.1.10
tp-link / fr365_firmware	1.1.10	1.1.10.x
tp-link / fr205_firmware	-	1.0.3
tp-link / fr205_firmware	1.0.3	1.0.3.x
tp-link / fr307-m2_firmware	-	1.2.5
tp-link / fr307-m2_firmware	1.2.5	1.2.5.x
tp-link / er8411_firmware	-	1.3.3
tp-link / er8411_firmware	1.3.3	1.3.3.x
tp-link / er7412-m2_firmware	-	1.1.0
tp-link / er7412-m2_firmware	1.1.0	1.1.0.x
tp-link / er707-m2_firmware	-	1.3.1
tp-link / er707-m2_firmware	1.3.1	1.3.1.x
tp-link / er7206_firmware	-	2.2.2
tp-link / er7206_firmware	2.2.2	2.2.2.x
tp-link / er605_firmware	-	2.3.1
tp-link / er605_firmware	2.3.1	2.3.1.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime