← Volver a CVEs
CVE-2025-9520
MEDIUM6.8
Descripcion
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
Detalles CVE
Puntuacion CVSS v3.16.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado1/26/2026
Ultima modificacion3/11/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tp-link:omada_controller
Debilidades (CWE)
CWE-639
Referencias
https://support.omadanetworks.com/us/document/115200/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://support.omadanetworks.com/us/download/software/omada-controller/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.