- Two serious vulnerabilities (CVE-2025-7850 and CVE-2025-7851) affect TP-Link Omada and Festa VPN routers.
- There is no evidence of active exploitation; TP-Link has released firmware and is asking users to change their passwords.
- The US is considering limiting TP-Link sales for national security reasons; the company denies any links to China.
- Organizations in Spain and the EU must update, segment networks and strengthen access controls.
Professional routers from TP-Link's Omada and Festa VPN ranges have been exposed to two high-severity vulnerabilities that could allow an attacker to take control of the device. The warning comes in a technical report from Forescout Research – Vedere Labs, which urges the immediate application of the firmware updates already released by TP-Link.
This finding comes at a tense political time: several US federal agencies support a possible move by the Department of Commerce to restrict future sales of TP-Link products for national security reasons. The company, for its part, denies any operational links with China and asserts that its US subsidiaries are not subject to intelligence guidelines of the Asian country.
What exactly has been discovered

The first vulnerability, identified as CVE-2025-7850, allows the injection of operating system commands due to insufficient sanitization of user input. With a severity score of 9.3, in certain scenarios it could be exploited even without credentials.
The second flaw, CVE-2025-7851 (score 8.7), exposes residual debugging functionality that enables root access via SSH. In practice, that hidden route could grant full control of the router to an attacker who successfully exploits it.
According to Forescout, the vulnerabilities affect TP-Link Omada equipment and Festa VPN routers. These devices are common in SMEs, distributed offices, and corporate network deployments. In Spain and the EU, they are frequently used for remote access and site segmentation. Therefore, the potential impact extends to business networks and critical environments.
Practical risk: what is known and the patches currently available

The researchers indicate that there is no public evidence of active exploitation of these two flaws at the time of the report. However, TP-Link equipment has been targeted in the past by large-scale botnets, such as Quad7, and by groups linked to China that have carried out password spraying attacks against Microsoft 365 accounts, among other campaigns.
Forescout and TP-Link recommend updating immediately to the published firmware versions to fix the bugs. After the update, TP-Link asks users to change their administrator passwords. Additionally, it is advisable to implement containment measures to reduce the attack surface:
- Disable remote access to the administration interface if it is not essential, and restrict it with access control lists (ACLs) or a VPN.
- Rotate SSH credentials and keys, and review enabled users on the device.
- Segregate management traffic into a dedicated VLAN and limit SSH to trusted IPs only.
- Monitor system logs and activate intrusion alerts on the perimeter.
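As an added example (not from Forescout or TP-Link), the last two measures can be combined into a log check that flags successful SSH logins as root or from outside the management network, the access path CVE-2025-7851 concerns. The trusted ranges, the host name "gw1", the OpenSSH/Dropbear message formats and the forwarding of router syslog to a collector are all assumptions.

```python
import ipaddress
import re

# Assumption: only the management VLAN and one jump host may reach SSH.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Successful-login messages as written by OpenSSH and Dropbear (which daemon
# the router runs, and that its syslog is forwarded, are assumptions).
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"),
    re.compile(r"dropbear\[\d+\]: \w+ auth succeeded for '(?P<user>[^']+)'"
               r".* from (?P<ip>[0-9A-Fa-f.:]+):\d+"),
]

def is_trusted(ip):
    """True if the source address is inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def suspicious_logins(lines):
    """Return (user, ip, reasons) for each successful login worth an alert."""
    findings = []
    for line in lines:
        match = next((m for m in (p.search(line) for p in PATTERNS) if m), None)
        if match is None:
            continue  # failed attempts and unrelated messages are skipped here
        user, ip = match["user"], match["ip"]
        reasons = []
        if user == "root":
            reasons.append("root-login")  # admins are assumed to use named accounts
        if not is_trusted(ip):
            reasons.append("untrusted-source")
        if reasons:
            findings.append((user, ip, reasons))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical host "gw1").
SAMPLE = [
    "Oct 27 09:14:02 gw1 sshd[2211]: Accepted password for admin from 10.20.0.15 port 50122 ssh2",
    "Oct 27 09:20:41 gw1 sshd[2290]: Failed password for admin from 198.51.100.7 port 41000 ssh2",
    "Oct 27 09:21:03 gw1 sshd[2291]: Accepted password for root from 198.51.100.7 port 41002 ssh2",
    "Oct 27 09:30:10 gw1 dropbear[2302]: Password auth succeeded for 'root' from 10.20.0.15:50200",
]

if __name__ == "__main__":
    for finding in suspicious_logins(SAMPLE):
        print(finding)
```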
In the European context, these actions align with the patch management and access control requirements set out in frameworks such as NIS2 and with the best practices recommended by organizations such as INCIBE or CCN-CERT.
Forescout also says that, during its investigation, it located additional flaws in coordination with TP-Link's laboratories, some with potential for remote exploitation. Technical details have not been disclosed, but TP-Link is expected to release fixes for these issues during the first quarter of 2026.
Regulatory pressure in the US and its side effects in Europe
Sources cited by US media claim that an interagency process involving Justice, National Security and Defense studied a plan this summer to ban new sales of TP-Link products in the country. The concerns focus on potential legal influence from Beijing and the possibility of malicious updates. TP-Link rejects these suspicions and emphasizes that neither any U.S. authority nor the White House has made a formal decision on the matter.
While the debate is primarily domestic in the US, its effects could be felt in Europe, from public procurement criteria and supply chain risk assessments to homologation and support policies. For organizations with a transatlantic presence, it is advisable to maintain a vigilant posture and, if necessary, a planned replacement policy.
What should organizations in Spain and the EU do?
Beyond applying patches and hardening access points, it is advisable to perform a complete inventory of network assets (including routers and gateways), verify firmware versions, and document temporary exceptions. SMEs with fewer resources should rely on their IT provider or MSP to validate secure configurations and segmentation.
- Review of internet exposure with scans of open services.
- Backup policy for the router configuration and a rollback plan.
- Change log and controlled tests after each update.
With flaws already identified, patches available, and a regulatory debate gaining traction, the priority is to correct, strengthen, and monitor rather than to panic. Updating firmware, changing passwords, closing unnecessary access, and monitoring anomalous activity are steps that, when applied today, drastically reduce the risk in advanced business and home networks.

