CVE-2025-9522
- EPSS 0.04%
- Published 26.01.2026 19:35:59
- Last modified 27.01.2026 14:59:34
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
CVE-2025-9521
- EPSS 0.05%
- Published 26.01.2026 19:35:26
- Last modified 27.01.2026 14:59:34
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.
CVE-2025-9520
- EPSS 0.01%
- Published 26.01.2026 19:34:44
- Last modified 27.01.2026 14:59:34
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
CVE-2020-12475
- EPSS 0.05%
- Published 04.05.2020 14:15:13
- Last modified 21.11.2024 04:59:46
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.