Denial-of-Service Vulnerability in Omada EAP610 by TP-Link
CVE-2025-7375

6.9MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Eap610 V3
Vendor
CVE Published:
5 March 2026

What is CVE-2025-7375?

A vulnerability in the Omada EAP610 access point allows an attacker with adjacent network access to send specially crafted requests that can crash the device's HTTP service. This results in a temporary loss of service until the device is rebooted. It primarily affects firmware versions prior to 1.6.0, making it critical for users to update to the latest firmware to mitigate potential disruptions in service.

Affected Version(s)

EAP610 v3 0 < 1.6.0

References

https://support.omadanetworks.com/en/product/eap610/v3/
patch
https://support.omadanetworks.com/us/product/eap610/v3/
patch
https://support.omadanetworks.com/us/document/118100/
vendor-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Felix ThĂĽmmler
.