CVE-2025-9290

EPSS 0.02%
Veröffentlicht 22.01.2026 23:14:45
Zuletzt bearbeitet 26.01.2026 15:04:14
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Software Controller

Default Statusunaffected

Version < 6.0.0.24

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Cloud Controller

Default Statusunaffected

Version < 6.0.0.100

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Hardware Controller (OC200, OC300, OC400)

Default Statusunaffected

Version < 6.0.0.34

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Hardware Controller OC220

Default Statusunaffected

Version < 5.15.24

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER605 v2.0)

Default Statusunaffected

Version < 2.3.2 Build 20251029 Rel.12727

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER7206 v2.0)

Default Statusunaffected

Version < 2.2.2 Build 20250724 Rel.11109

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER7406, ER706W, ER706-4G)

Default Statusunaffected

Version < 1.2.x

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER707-M2, ER-8411)

Default Statusunaffected

Version < 1.3.x

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G)

Default Statusunaffected

Version < 1.1.0

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER8411)

Default Statusunaffected

Version < 1.3.5 Build 20251028 Rel.06811

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER706W-4G 2.0)

Default Statusunaffected

Version < 2.1.0 Build 20250810 Rel.77020

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER701-5G-Outdoor)

Default Statusunaffected

Version < 1.0.0 Build 20250826 Rel.68862

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway (ER605W 2.0)

Default Statusunaffected

Version < 2.0.2 Build 20250723 Rel.39048

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway ER7212PC 2.0

Default Statusunaffected

Version < 2.2.1 Build 20251027 Rel.75129

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Festa Gateway FR365

Default Statusunaffected

Version < 1.1.10 Build 20250626 Rel.81746

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Gateway G36W-4G

Default Statusunaffected

Version < 1.1.5 Build 20250710 Rel.62142

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAP

Default Statusunaffected

Version < 1.6.1

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP655-Wall v1.0)

Default Statusunaffected

Version < 1.6.2 Build 20251107 Rel.35700

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0)

Default Statusunaffected

Version < 1.1.2

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0)

Default Statusunaffected

Version < 1.3.2 Build 20250901 Rel.52255

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0)

Default Statusunaffected

Version < 1.1.4 Build 20251112 Rel.34769

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Beam Bridge 5 UR v1.0

Default Statusunaffected

Version < 1.1.5 Build 20250928 Rel.68499

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0)

Default Statusunaffected

Version < 1.1.0

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP650GP-Desktop 1.0)

Default Statusunaffected

Version < 1.0.1 Build 20250819 Rel.60298

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0)

Default Statusunaffected

Version < 1.3.3 Build 20251111 Rel.72627

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0)

Default Statusunaffected

Version < 3.3.1 Build 20251203 Rel.58135

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20)

Default Statusunaffected

Version < 1.5.1

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP653 UR v1.0)

Default Statusunaffected

Version < 1.4.2 Build 20251208 Rel.43830

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada Access Point (EAP615-Wall v1.0/v1.20)

Default Statusunaffected

Version < 1.5.10 Build 20250903 Rel.49784

Version 0

Status affected

HerstellerTP-Link Systems Inc.

≫

Produkt Omada EAP100-Bridge KIT v1.0

Default Statusunaffected

Version < 1.0.3 Build 20251015 Rel.62058

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f23511db-6c3e-4e32-a477-6aa17d310630	6	0	0	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-760 Use of a One-Way Hash with a Predictable Salt

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.

https://support.omadanetworks.com/us/download/

https://support.omadanetworks.com/us/document/114950/

https://support.omadanetworks.com/en/download/

https://nvd.nist.gov/vuln/detail/CVE-2025-9290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9290

EUVD