CVE-2025-9290

MEDIUM EPSS 10.1%

Published Jan 23, 20265mo ago · Modified Jun 17, 20261w ago

6.0 CVSS 4.0

Medium

Published Jan 23, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

CVSS Details

Base Score

6.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Adjacent

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

10.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-760

Affected Products 138

Vendor	Product	Version	Range
tp-link	omada_controller	*	<6.0.0.24
tp-link	omada_controller	*	<6.0.0.100
tp-link	oc200_firmware	*	<1.37.9
tp-link	oc200	1	any
tp-link	oc220_firmware	*	<1.1.3
tp-link	oc220	1	any
tp-link	oc300_firmware	*	<1.31.9
tp-link	oc300	1.6	any
tp-link	oc400_firmware	*	<1.9.9
tp-link	oc400	1.6	any
tp-link	oc200_firmware	*	<2.22.9
tp-link	oc200	2	any
tp-link	oc220_firmware	*	any
tp-link	oc220	2	any
tp-link	er605_firmware	*	<2.3.2
tp-link	er605	2.0	any
tp-link	er7206_firmware	*	<2.2.2
tp-link	er7206	2.0	any
tp-link	er7406_firmware	*	<1.2.2
tp-link	er7406	*	any
tp-link	er707-m2_firmware	*	<1.3.1
tp-link	er707-m2	*	any
tp-link	er7412-m2_firmware	*	<1.1.0
tp-link	er7412-m2	*	any
tp-link	er8411_firmware	*	<1.3.5
tp-link	er8411	*	any
tp-link	er706w_firmware	*	<1.2.1
tp-link	er706w	*	any
tp-link	er706w-4g_firmware	*	<1.2.1
tp-link	er706w-4g	*	any
tp-link	er706wp-4g_firmware	*	<1.1.0
tp-link	er706wp-4g	*	any
tp-link	er703wp-4g-outdoor_firmware	*	<1.1.0
tp-link	er703wp-4g-outdoor	*	any
tp-link	dr3220v-4g_firmware	*	<1.1.0
tp-link	dr3220v-4g	*	any
tp-link	dr3650v-4g_firmware	*	<1.1.0
tp-link	dr3650v-4g	*	any
tp-link	dr3650v_firmware	*	<1.1.0
tp-link	dr3650v	*	any
tp-link	er701-5g-outdoor_firmware	*	<1.0.0
tp-link	er701-5g-outdoor	*	any
tp-link	er605w_firmware	*	<2.0.2
tp-link	er605w	2.0	any
tp-link	er7212pc_firmware	*	<2.2.1
tp-link	er7212pc	2.0	any
tp-link	fr365_firmware	*	<1.1.10
tp-link	fr365	*	any
tp-link	g36w-4g_firmware	*	<1.1.5
tp-link	g36w-4g	*	any
tp-link	eap655-wall_firmware	*	<1.6.2
tp-link	eap655-wall	1.0	any
tp-link	eap660_hd_firmware	*	<1.6.1
tp-link	eap660_hd	1.0	any
tp-link	eap660_hd	2.0	any
tp-link	eap620_hd_firmware	*	<1.6.1
tp-link	eap620_hd	3.0	any
tp-link	eap620_hd	3.20	any
tp-link	eap610-outdoor_firmware	*	<1.6.1
tp-link	eap610-outdoor	1.0	any
tp-link	eap610-outdoor	1.20	any
tp-link	eap610_firmware	*	<1.6.1
tp-link	eap610	1.0	any
tp-link	eap610	2.0	any
tp-link	eap623-outdoor_hd_firmware	*	<1.6.1
tp-link	eap623-outdoor_hd	1.0	any
tp-link	eap625-outdoor_hd_firmware	*	<1.6.1
tp-link	eap625-outdoor_hd	1.0	any
tp-link	eap772_firmware	*	<1.3.2
tp-link	eap772	2.0	any
tp-link	eap772-outdoor_firmware	*	<1.3.2
tp-link	eap772-outdoor	1.0	any
tp-link	eap770_firmware	*	<1.3.2
tp-link	eap770	2.0	any
tp-link	eap723_firmware	*	<1.3.2
tp-link	eap723	1.0	any
tp-link	eap773_firmware	*	<1.1.2
tp-link	eap773	1.0	any
tp-link	eap783_firmware	*	<1.1.2
tp-link	eap783	1.0	any
tp-link	eap772_firmware	*	<1.1.2
tp-link	eap772	1.0	any
tp-link	eap787_firmware	*	<1.1.2
tp-link	eap787	1.0	any
tp-link	eap720_firmware	*	<1.1.2
tp-link	eap720	1.0	any
tp-link	eap723_firmware	*	<1.1.2
tp-link	eap723	2.0	any
tp-link	eap725-wall_firmware	*	<1.1.2
tp-link	eap725-wall	1.0	any
tp-link	eap215_bridge_kit_firmware	*	<1.1.4
tp-link	eap215_bridge_kit	3.0	any
tp-link	eap211_bridge_kit_firmware	*	<1.1.4
tp-link	eap211_bridge_kit	3.0	any
tp-link	beam_bridge_5_ur_firmware	*	<1.1.5
tp-link	beam_bridge_5_ur	1.0	any
tp-link	eap603gp-desktop_firmware	*	<1.1.0
tp-link	eap603gp-desktop	1.0	any
tp-link	eap615gp-wall_firmware	*	<1.1.0
tp-link	eap615gp-wall	1.0	any
tp-link	eap615gp-wall	1.20	any
tp-link	eap625gp-wall_firmware	*	<1.1.0
tp-link	eap625gp-wall	1.0	any
tp-link	eap625gp-wall	1.20	any
tp-link	eap610gp-desktop_firmware	*	<1.1.0
tp-link	eap610gp-desktop	1.0	any
tp-link	eap610gp-desktop	1.20	any
tp-link	eap610gp-desktop	1.26	any
tp-link	eap650gp-desktop_firmware	*	<1.0.1
tp-link	eap650gp-desktop	1.0	any
tp-link	eap653_firmware	*	<1.3.3
tp-link	eap653	1.0	any
tp-link	eap650-outdoor_firmware	*	<1.3.3
tp-link	eap650-outdoor	1.0	any
tp-link	eap230-wall_firmware	*	<3.3.1
tp-link	eap230-wall	1.0	any
tp-link	eap235-wall_firmware	*	<3.3.1
tp-link	eap235-wall	1.0	any
tp-link	eap603-outdoor_firmware	*	<1.5.1
tp-link	eap603-outdoor	1.0	any
tp-link	eap653_ur_firmware	*	<1.4.2
tp-link	eap653_ur	1.0	any
tp-link	eap650-desktop_firmware	*	<1.1.0
tp-link	eap650-desktop	1.0	any
tp-link	eap615-wall_firmware	*	<1.1.0
tp-link	eap615-wall	1.0	any
tp-link	eap100-bridge_kit_firmware	*	<1.0.3
tp-link	eap100-bridge_kit	1.0	any
tp-link	er706w-4g_firmware	*	<2.1.0
tp-link	er706w-4g	2.0	any
tp-link	omada_controller	*	<6.0.0.34
tp-link	oc200	1	any
tp-link	oc200	2	any
tp-link	oc300	1.6	any
tp-link	oc400	1.6	any
tp-link	omada_controller	*	<5.15.24
tp-link	oc220	1	any
tp-link	oc220	2	any

References 3

support.omadanetworks.com https://support.omadanetworks.com/en/download/

Product
support.omadanetworks.com https://support.omadanetworks.com/us/document/114950/

Vendor Advisory
support.omadanetworks.com https://support.omadanetworks.com/us/download/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.