6 matches found
CVE-2020-12475
The connected sources confirm a concrete vulnerability in TP-Link Omada Controller Software 3.2.6: a directory traversal flaw in com.tp_link.eap.web.portal.PortalController.getAdvertiseFile within /opt/tplink/EAPController/lib/eap-web-3.2.6.jar allows reading arbitrary files. This is a local atta...
CVE-2025-9290
CVE-2025-9290 describes an authentication weakness in Omada Controllers, Gateways, and Access Points related to improper handling of random values during controller-device adoption. The vulnerability could allow an attacker with adjacent network access to intercept adoption traffic and forge vali...
CVE-2025-9522
Technical details about CVE-2025-9522 are not publicly provided in the supplied documents; no affected versions or remediation are disclosed. Monitor for updates.
CVE-2025-9289
CVE-2025-9289 is a Cross-Site Scripting (XSS) vulnerability in Omada Controllers caused by improper input sanitization in a parameter. Exploitation requires specific conditions (network positioning or impersonating a trusted entity) and interaction from an authenticated administrator, potentially...
CVE-2025-9520
Technical details (affected products, specific component, root cause, versions, or exploits) are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
CVE-2025-9521
CVE-2025-9521 concerns a Password Confirmation Bypass in Omada Controllers. The trusted-source documents indicate that an attacker with a valid session token can bypass secondary verification and change a user’s password without proper confirmation, weakening account security. Affected product is...