Search criteria
4 vulnerabilities found for Omada Software Controller by TP-Link Systems Inc.
CVE-2025-9290 (GCVE-0-2025-9290)
Vulnerability from nvd – Published: 2026-01-22 23:14 – Updated: 2026-01-23 20:04
VLAI?
Title
Authentication Weakness on Omada Controllers, Gateways and Access Points
Summary
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
Severity ?
CWE
- CWE-760 - Use of a One-Way Hash with a Predictable Salt
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Stanislav Dashevskyi and Francesco La Spina of Forescout Technologies
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:04:16.930287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:04:29.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Omada Software Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Cloud Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Hardware Controller (OC200, OC300, OC400)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Hardware Controller OC220",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "5.15.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER605 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.3.2 Build 20251029 Rel.12727",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7206 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.2.2 Build 20250724 Rel.11109",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7406, ER706W, ER706-4G)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER707-M2, ER-8411)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER8411)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.5 Build 20251028 Rel.06811",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER706W-4G 2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0 Build 20250810 Rel.77020",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER701-5G-Outdoor)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.0 Build 20250826 Rel.68862",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER605W 2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.0.2 Build 20250723 Rel.39048",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway ER7212PC 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.2.1 Build 20251027 Rel.75129",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Festa Gateway FR365",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.10 Build 20250626 Rel.81746",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway G36W-4G",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.5 Build 20250710 Rel.62142",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAP",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP655-Wall v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.6.2 Build 20251107 Rel.35700",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.2 Build 20250901 Rel.52255",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 Build 20251112 Rel.34769",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Beam Bridge 5 UR v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.5 Build 20250928 Rel.68499",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP650GP-Desktop 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.1 Build 20250819 Rel.60298",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.3 Build 20251111 Rel.72627",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.3.1 Build 20251203 Rel.58135",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP653 UR v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 Build 20251208 Rel.43830",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP615-Wall v1.0/v1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.5.10 Build 20250903 Rel.49784",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada EAP100-Bridge KIT v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.3 Build 20251015 Rel.62058",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stanislav Dashevskyi and Francesco La Spina of Forescout Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality."
}
],
"value": "An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-760",
"description": "CWE-760 Use of a One-Way Hash with a Predictable Salt",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T23:14:45.823Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/us/download/"
},
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/en/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/114950/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Weakness on Omada Controllers, Gateways and Access Points",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9290",
"datePublished": "2026-01-22T23:14:45.823Z",
"dateReserved": "2025-08-20T22:24:20.340Z",
"dateUpdated": "2026-01-23T20:04:29.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9289 (GCVE-0-2025-9289)
Vulnerability from nvd – Published: 2026-01-22 21:48 – Updated: 2026-01-23 20:16
VLAI?
Title
Cross-Site Scripting (XSS) on Omada Controllers
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada Software Controller |
Affected:
0 , < 6.0.0.24
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:15:52.769770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:16:00.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Omada Software Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada OC200, OC220, OC300, OC400",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada cloud controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:55:10.732Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/us/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/114950/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) on Omada Controllers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9289",
"datePublished": "2026-01-22T21:48:35.662Z",
"dateReserved": "2025-08-20T22:24:18.301Z",
"dateUpdated": "2026-01-23T20:16:00.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9290 (GCVE-0-2025-9290)
Vulnerability from cvelistv5 – Published: 2026-01-22 23:14 – Updated: 2026-01-23 20:04
VLAI?
Title
Authentication Weakness on Omada Controllers, Gateways and Access Points
Summary
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
Severity ?
CWE
- CWE-760 - Use of a One-Way Hash with a Predictable Salt
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada Software Controller |
Affected:
0 , < 6.0.0.24
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Stanislav Dashevskyi and Francesco La Spina of Forescout Technologies
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:04:16.930287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:04:29.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Omada Software Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Cloud Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Hardware Controller (OC200, OC300, OC400)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Hardware Controller OC220",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "5.15.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER605 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.3.2 Build 20251029 Rel.12727",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7206 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.2.2 Build 20250724 Rel.11109",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7406, ER706W, ER706-4G)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER707-M2, ER-8411)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER8411)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.5 Build 20251028 Rel.06811",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER706W-4G 2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0 Build 20250810 Rel.77020",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER701-5G-Outdoor)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.0 Build 20250826 Rel.68862",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway (ER605W 2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.0.2 Build 20250723 Rel.39048",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway ER7212PC 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.2.1 Build 20251027 Rel.75129",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Festa Gateway FR365",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.10 Build 20250626 Rel.81746",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Gateway G36W-4G",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.5 Build 20250710 Rel.62142",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAP",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP655-Wall v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.6.2 Build 20251107 Rel.35700",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.2 Build 20250901 Rel.52255",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.4 Build 20251112 Rel.34769",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Beam Bridge 5 UR v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.5 Build 20250928 Rel.68499",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP650GP-Desktop 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.1 Build 20250819 Rel.60298",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.3.3 Build 20251111 Rel.72627",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.3.1 Build 20251203 Rel.58135",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP653 UR v1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.4.2 Build 20251208 Rel.43830",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Access Point (EAP615-Wall v1.0/v1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.5.10 Build 20250903 Rel.49784",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada EAP100-Bridge KIT v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.0.3 Build 20251015 Rel.62058",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stanislav Dashevskyi and Francesco La Spina of Forescout Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality."
}
],
"value": "An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-760",
"description": "CWE-760 Use of a One-Way Hash with a Predictable Salt",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T23:14:45.823Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/us/download/"
},
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/en/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/114950/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Weakness on Omada Controllers, Gateways and Access Points",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9290",
"datePublished": "2026-01-22T23:14:45.823Z",
"dateReserved": "2025-08-20T22:24:20.340Z",
"dateUpdated": "2026-01-23T20:04:29.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9289 (GCVE-0-2025-9289)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:48 – Updated: 2026-01-23 20:16
VLAI?
Title
Cross-Site Scripting (XSS) on Omada Controllers
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada Software Controller |
Affected:
0 , < 6.0.0.24
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:15:52.769770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:16:00.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Omada Software Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada OC200, OC220, OC300, OC400",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada cloud controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:55:10.732Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/us/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/114950/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) on Omada Controllers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9289",
"datePublished": "2026-01-22T21:48:35.662Z",
"dateReserved": "2025-08-20T22:24:18.301Z",
"dateUpdated": "2026-01-23T20:16:00.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}