MEDIUM🇬🇧 English

CVE-2025-9290

CVSS 6.0v4.0pub. 2026-01-23upd. 2026-03-16

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Beam Bridge 5 Ur

    HW
    Tp-Link
    1.0
  • Tp Link Beam Bridge 5 Ur Firmware

    OS
    Tp-Link
    < 1.1.5
  • Tp Link Dr3220v 4g

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Dr3220v 4g Firmware

    OS
    Tp-Link
    < 1.1.0
  • Tp Link Dr3650v

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Dr3650v 4g

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Dr3650v 4g Firmware

    OS
    Tp-Link
    < 1.1.0
  • Tp Link Dr3650v Firmware

    OS
    Tp-Link
    < 1.1.0
  • Tp Link Eap211 Bridge Kit

    HW
    Tp-Link
    3.0
  • Tp Link Eap211 Bridge Kit Firmware

    OS
    Tp-Link
    < 1.1.4
  • Tp Link Eap215 Bridge Kit

    HW
    Tp-Link
    3.0
  • Tp Link Eap215 Bridge Kit Firmware

    OS
    Tp-Link
    < 1.1.4
  • Tp Link Eap603gp Desktop

    HW
    Tp-Link
    1.0
  • Tp Link Eap603gp Desktop Firmware

    OS
    Tp-Link
    < 1.1.0
  • Tp Link Eap610

    HW
    Tp-Link
    1.02.0
  • Tp Link Eap610 Firmware

    OS
    Tp-Link
    < 1.6.1
  • Tp Link Eap610 Outdoor

    HW
    Tp-Link
    1.01.20
  • Tp Link Eap610 Outdoor Firmware

    OS
    Tp-Link
    < 1.6.1
  • Tp Link Eap615gp Wall

    HW
    Tp-Link
    1.0
  • Tp Link Eap615gp Wall Firmware

    OS
    Tp-Link
    < 1.1.0
  • Tp Link Eap620 Hd

    HW
    Tp-Link
    3.03.20
  • Tp Link Eap620 Hd Firmware

    OS
    Tp-Link
    < 1.6.1
  • Tp Link Eap623 Outdoor Hd

    HW
    Tp-Link
    1.0
  • Tp Link Eap623 Outdoor Hd Firmware

    OS
    Tp-Link
    < 1.6.1
  • Tp Link Eap625 Outdoor Hd

    HW
    Tp-Link
    1.0
  • Tp Link Eap625 Outdoor Hd Firmware

    OS
    Tp-Link
    < 1.6.1
  • Tp Link Eap655 Wall

    HW
    Tp-Link
    1.0
  • Tp Link Eap655 Wall Firmware

    OS
    Tp-Link
    < 1.6.2
  • Tp Link Eap660 Hd

    HW
    Tp-Link
    1.02.0
  • Tp Link Eap660 Hd Firmware

    OS
    Tp-Link
    < 1.6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-6542CRITICAL9.3PL ✓ten sam produkt

Zdalne wykonanie poleceń OS bez uwierzytelnienia w routerach TP-Link Omada

CVE-2025-7850CRITICAL9.3PL ✓ten sam produkt

Command injection w bramkach Omada (TP-Link) po uwierzytelnieniu admina

CVE-2025-9520HIGH8.3ten sam produkt

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to ma...

CVE-2025-6541HIGH8.6ten sam produkt

An arbitrary OS command may be executed on the product by the user who can log in to the web management interf...

CVE-2025-7851HIGH8.7ten sam produkt

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gate...