Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security.
The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as part of a recurring pattern of incomplete patching and residual debug code.
Read more…
Source: TechPro News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Massive Zero-Day Hole Found in Palo Alto Security Appliances
November 10, 2021
UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls. Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable ...
- Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
November 10, 2021
A critical security bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively. The federated working specialist pushed out a security ...
- Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’
November 5, 2021
Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...
- Network Scanning Traffic Observed in Public Clouds
October 28, 2021
Tracking network scanning activities can help researchers understand which services are being targeted. By monitoring the origins of the scanners, researchers can also identify compromised endpoints. If a host belonging to a known organization suddenly starts to scan a part of the internet, it is a strong indicator that the host is compromised. This blog summarizes ...
- Lyceum group reborn
October 18, 2021
This year, Kaspersky researchers presented their research into the Lyceum group (also known as Hexane), which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia. According to older public accounts of the group’s activity, Lyceum conducted targeted ...
- Security Risks with Private 5G in Manufacturing Companies Part. 2
October 15, 2021
The steel industry is a prime area for installing Private 5G Private 5G is said to bring about the “democratization of communications.” This technology allows private companies and local governments to take the driving seat in operating the latest information communication systems. However, not all organizations have the knowledge and ability to deal with telecom technology, ...