TP-Link has acknowledged a zero-day vulnerability affecting multiple router models: a stack-based buffer overflow in its CWMP implementation that allows remote code execution. A patch is available for European models. Until more fixes are released, users are advised to change default passwords and to disable CWMP if it is not needed. Additionally, CISA has warned about previously exploited vulnerabilities in TP-Link routers that have been used by threat actors for malicious activities.
TP-Link has issued a warning about two critical command injection vulnerabilities in its Omada gateway devices, which could allow attackers to execute arbitrary OS commands. One vulnerability, CVE-2025-6542, has a critical severity rating of 9.3 and can be exploited remotely without authentication, while the other, CVE-2025-6541, requires user authentication. Users are urged to apply firmware updates, which mitigate these risks along with two additional severe flaws affecting the same devices.