← Volver a CVEs
CVE-2025-9289
MEDIUM4.7
Descripcion
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
Detalles CVE
Puntuacion CVSS v3.14.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado1/22/2026
Ultima modificacion3/16/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tp-link:oc200tp-link:oc200_firmwaretp-link:oc220tp-link:oc220_firmwaretp-link:oc300tp-link:oc300_firmwaretp-link:oc400tp-link:oc400_firmwaretp-link:omada_controller
Debilidades (CWE)
CWE-79
Referencias
https://support.omadanetworks.com/us/document/114950/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://support.omadanetworks.com/us/download/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.