Critical Vulnerabilities in TP-Link Omada and Festa VPN Routers
Recent investigations by Forescout Research – Vedere Labs have unveiled critical vulnerabilities in TP-Link’s Omada and Festa VPN routers, raising significant concerns for users. These flaws could potentially allow attackers to take control of the devices, posing serious risks to network security.
The Severity of the Vulnerabilities
One of the most alarming vulnerabilities identified is tracked as CVE-2025-7850. This flaw allows OS command injection because user input is not properly sanitized. With a severity score of 9.3, this vulnerability is critical, especially considering that it can sometimes be exploited without any credentials for the targeted device. That accessibility poses a direct threat to the integrity of users’ networks and makes immediate action urgent.
In addition, researchers flagged CVE-2025-7851, which grants root access via residual debug code. This flaw carries a severity rating of 8.7 and exposes hidden functionality that allows root login through SSH. Such access can have devastating consequences, allowing attackers to gain deeper control and manipulate the network environment.
Historical Context of Vulnerabilities in TP-Link Devices
TP-Link devices have been exploited before. They have been involved in various attacks, some of them linked to notorious botnets like Quad7. Daniel dos Santos, head of research at Forescout, pointed out these risks, noting that associated threat groups have targeted Microsoft 365 accounts using password-spray attacks. This history makes the new findings even more concerning, as it indicates a pattern of security issues in TP-Link products.
Current Exploitation Status
As alarming as these vulnerabilities are, Forescout researchers have indicated that, at the time of the report, they were not aware of any actual exploitation of the newly discovered flaws. However, given the severity ratings, the researchers strongly recommend that users take immediate action to protect their devices. This includes applying the new firmware updates issued by TP-Link aimed at addressing these critical vulnerabilities.
Recommendations for Users
TP-Link has urged all users of the affected devices to implement the latest firmware updates as a top priority. Alongside these updates, changing passwords after upgrading is equally vital. This two-fold approach—upgrading and then reinforcing access controls—can significantly strengthen network security.
Ongoing Research and Additional Vulnerabilities
Forescout’s analysis didn’t stop at the two critical issues. The researchers uncovered several additional vulnerabilities during their investigation and are actively coordinating with TP-Link to address them. While specifics about these additional flaws have not been disclosed, some are noted to be critical and could allow for remote exploitation. Forescout expects that TP-Link will provide the necessary patches by the first quarter of 2026, which adds another layer of urgency for users to stay vigilant.
In summary, the recent revelations regarding vulnerabilities in TP-Link’s Omada and Festa VPN routers serve as a critical reminder of the importance of device security. As the landscape of cyber threats continues to evolve, the importance of keeping firmware up to date and access controls robust cannot be overstated.