
"Two security flaws have been spotted in TP-Link routers, and one is the result of the company's patch for a previous flaw. That's according to Forescout Research's Vedere Labs, which spotted a flaw (CVE-2025-7850) that allows OS command injection via WireGuard VPN settings. Another (CVE-2025-7851) allows unauthorized root access via residual debug code following a patch of a previous flaw. Researchers Stanislav Dashevskyi and Francesco La Spina said they partially pinned their discovery on the use of a technique called "vulnerability variant hunting"."
"Researchers noted that the newly discovered vulnerabilities impact TP-Link Omada and Festa VPN routers. Both flaws allowed them to gain root privileges and "served as the foundation for broader vulnerability research across additional TP-Link device families". One of the flaws (CVE-2025-7851) is the result of TP-Link's patch for a previous flaw (CVE-2024-21827) which left debug functionality accessible, creating an access route for attackers to take advantage of."
Two vulnerabilities affect TP-Link Omada and Festa VPN routers: CVE-2025-7850 enables OS command injection through WireGuard VPN settings, and CVE-2025-7851 grants unauthorized root access via residual debug functionality. Stanislav Dashevskyi and Francesco La Spina identified the issues using vulnerability variant hunting, a technique that seeks new exploitation paths for known bugs. The TP-Link Omada security advisory classifies the flaws as critical and high severity. Both vulnerabilities allowed researchers to achieve root privileges and served as a basis for broader research across TP-Link device families. One vulnerability emerged after a 2024 patch (CVE-2024-21827) that left debug code accessible, creating an attack vector.
Read at IT Pro