CVE-2025-9290

MEDIUM

5.9

Beschreibung

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

CVE Details

CVSS v3.1 Bewertung5.9

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/23/2026

Zuletzt geandert3/16/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

tp-link:beam_bridge_5_urtp-link:beam_bridge_5_ur_firmwaretp-link:dr3220v-4gtp-link:dr3220v-4g_firmwaretp-link:dr3650vtp-link:dr3650v-4gtp-link:dr3650v-4g_firmwaretp-link:dr3650v_firmwaretp-link:eap100-bridge_kittp-link:eap100-bridge_kit_firmwaretp-link:eap211_bridge_kittp-link:eap211_bridge_kit_firmwaretp-link:eap215_bridge_kittp-link:eap215_bridge_kit_firmwaretp-link:eap230-walltp-link:eap230-wall_firmwaretp-link:eap235-walltp-link:eap235-wall_firmwaretp-link:eap603-outdoortp-link:eap603-outdoor_firmwaretp-link:eap603gp-desktoptp-link:eap603gp-desktop_firmwaretp-link:eap610tp-link:eap610-outdoortp-link:eap610-outdoor_firmwaretp-link:eap610_firmwaretp-link:eap610gp-desktoptp-link:eap610gp-desktop_firmwaretp-link:eap615-walltp-link:eap615-wall_firmwaretp-link:eap615gp-walltp-link:eap615gp-wall_firmwaretp-link:eap620_hdtp-link:eap620_hd_firmwaretp-link:eap623-outdoor_hdtp-link:eap623-outdoor_hd_firmwaretp-link:eap625-outdoor_hdtp-link:eap625-outdoor_hd_firmwaretp-link:eap625gp-walltp-link:eap625gp-wall_firmwaretp-link:eap650-desktoptp-link:eap650-desktop_firmwaretp-link:eap650-outdoortp-link:eap650-outdoor_firmwaretp-link:eap650gp-desktoptp-link:eap650gp-desktop_firmwaretp-link:eap653tp-link:eap653_firmwaretp-link:eap653_urtp-link:eap653_ur_firmwaretp-link:eap655-walltp-link:eap655-wall_firmwaretp-link:eap660_hdtp-link:eap660_hd_firmwaretp-link:eap720tp-link:eap720_firmwaretp-link:eap723tp-link:eap723_firmwaretp-link:eap725-walltp-link:eap725-wall_firmwaretp-link:eap770tp-link:eap770_firmwaretp-link:eap772tp-link:eap772-outdoortp-link:eap772-outdoor_firmwaretp-link:eap772_firmwaretp-link:eap773tp-link:eap773_firmwaretp-link:eap783tp-link:eap783_firmwaretp-link:eap787tp-link:eap787_firmwaretp-link:er605tp-link:er605_firmwaretp-link:er605wtp-link:er605w_firmwaretp-link:er701-5g-outdoortp-link:er701-5g-outdoor_firmwaretp-link:er703wp-4g-outdoortp-link:er703wp-4g-outdoor_firmwaretp-link:er706wtp-link:er706w-4gtp-link:er706w-4g_firmwaretp-link:er706w_firmwaretp-link:er706wp-4gtp-link:er706wp-4g_firmwaretp-link:er707-m2tp-link:er707-m2_firmwaretp-link:er7206tp-link:er7206_firmwaretp-link:er7212pctp-link:er7212pc_firmwaretp-link:er7406tp-link:er7406_firmwaretp-link:er7412-m2tp-link:er7412-m2_firmwaretp-link:er8411tp-link:er8411_firmwaretp-link:fr365tp-link:fr365_firmwaretp-link:g36w-4gtp-link:g36w-4g_firmwaretp-link:oc200tp-link:oc200_firmwaretp-link:oc220tp-link:oc220_firmwaretp-link:oc300tp-link:oc300_firmwaretp-link:oc400tp-link:oc400_firmwaretp-link:omada_controller

Schwachen (CWE)

CWE-760

Referenzen

https://support.omadanetworks.com/en/download/(f23511db-6c3e-4e32-a477-6aa17d310630)

https://support.omadanetworks.com/us/document/114950/(f23511db-6c3e-4e32-a477-6aa17d310630)

https://support.omadanetworks.com/us/download/(f23511db-6c3e-4e32-a477-6aa17d310630)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.