CVE-2025-9290
MEDIUM
中文标题:
(暂无数据)
英文标题:
Authentication Weakness on Omada Controllers, Gateways and Access Points
CVSS分数:
6.0
发布时间:
2026-01-22 23:14:45
漏洞类型:
(暂无数据)
状态:
PUBLISHED
数据质量分数:
0.40
数据版本:
v2
漏洞描述
中文描述:
(暂无数据)
英文描述:
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
CWE类型:
CWE-760
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada Software Controller | - | < 6.0.0.24 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_software_controller:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Cloud Controller | - | < 6.0.0.100 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_cloud_controller:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Hardware Controller (OC200, OC300, OC400) | - | < 6.0.0.34 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_hardware_controller_(oc200,_oc300,_oc400):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Hardware Controller OC220 | - | < 5.15.24 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_hardware_controller_oc220:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER605 v2.0) | - | < 2.3.2 Build 20251029 Rel.12727 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er605_v2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER7206 v2.0) | - | < 2.2.2 Build 20250724 Rel.11109 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er7206_v2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER7406, ER706W, ER706-4G) | - | < 1.2.x | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er7406,_er706w,_er706-4g):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER707-M2, ER-8411) | - | < 1.3.x | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er707-m2,_er-8411):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G) | - | < 1.1.0 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er7412-m2,_er706wp-4g,_er703wp-4g-outdoor,_dr3220v-4g,_dr3650v,_dr3650v-4g):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER8411) | - | < 1.3.5 Build 20251028 Rel.06811 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er8411):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER706W-4G 2.0) | - | < 2.1.0 Build 20250810 Rel.77020 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er706w-4g_2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER701-5G-Outdoor) | - | < 1.0.0 Build 20250826 Rel.68862 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er701-5g-outdoor):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway (ER605W 2.0) | - | < 2.0.2 Build 20250723 Rel.39048 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_(er605w_2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway ER7212PC 2.0 | - | < 2.2.1 Build 20251027 Rel.75129 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_er7212pc_2.0:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Festa Gateway FR365 | - | < 1.1.10 Build 20250626 Rel.81746 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_festa_gateway_fr365:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Gateway G36W-4G | - | < 1.1.5 Build 20250710 Rel.62142 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_gateway_g36w-4g:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAP | - | < 1.6.1 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap660_hd_v1.0_v2.0,_eap620_hd_v2.0_v3.0_v3.20,_eap610_eap610-outdoor_v1.0_v2.0,_eap623-outdoor_hd_v1.0,_eap625-outdoor_hd_v1.0)eap:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP655-Wall v1.0) | - | < 1.6.2 Build 20251107 Rel.35700 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap655-wall_v1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0) | - | < 1.1.2 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap772_v1.0,_eap773_v1.0,_eap783_v1.0,_eap787_v1.0,_eap720_v1.0,_eap725-wall_v1.0,_eap723_v2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0) | - | < 1.3.2 Build 20250901 Rel.52255 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap723_v1.0,_eap772_v2.0,_eap772-outdoor_v_1.0,_eap770_v2.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0) | - | < 1.1.4 Build 20251112 Rel.34769 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap215_bridge_kit_3.0,_eap211_bridge_kit_3.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Beam Bridge 5 UR v1.0 | - | < 1.1.5 Build 20250928 Rel.68499 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_beam_bridge_5_ur_v1.0:*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0) | - | < 1.1.0 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap603gp-desktop,_eap615gp-wall_1.0_1.20,_eap625gp-wall_1.0_1.20,_eap610gp-desktop_1.0_1.20_1.26),_eap650-desktop_v1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP650GP-Desktop 1.0) | - | < 1.0.1 Build 20250819 Rel.60298 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap650gp-desktop_1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0) | - | < 1.3.3 Build 20251111 Rel.72627 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap653_v1.0,_eap650-outdoor_v1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0) | - | < 3.3.1 Build 20251203 Rel.58135 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap230-wall_v1.0,_eap235-wall_v1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20) | - | < 1.5.1 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap603-outdoor_v1.0,_eap615-wall_v1.0_v1.20):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP653 UR v1.0) | - | < 1.4.2 Build 20251208 Rel.43830 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap653_ur_v1.0):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada Access Point (EAP615-Wall v1.0/v1.20) | - | < 1.5.10 Build 20250903 Rel.49784 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_access_point_(eap615-wall_v1.0_v1.20):*:*:*:*:*:*:*:*
|
| TP-Link Systems Inc. | Omada EAP100-Bridge KIT v1.0 | - | < 1.0.3 Build 20251015 Rel.62058 | - |
cpe:2.3:a:tp-link_systems_inc.:omada_eap100-bridge_kit_v1.0:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
CVSS评分详情
4.0 (cna)
MEDIUM
6.0
CVSS向量:
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
机密性
HIGH
完整性
NONE
可用性
NONE
后续系统影响 (Subsequent):
机密性
NONE
完整性
NONE
可用性
NONE
时间信息
发布时间:
2026-01-22 23:14:45
修改时间:
2026-01-22 23:14:45
创建时间:
2026-01-23 06:00:11
更新时间:
2026-01-27 06:00:16
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-9290 |
2026-01-23 03:17:19 | 2026-01-22 22:00:11 |
| NVD | nvd_CVE-2025-9290 |
2026-01-23 02:00:05 | 2026-01-22 22:00:17 |
版本与语言
当前版本:
v2
主要语言:
EN
支持语言:
EN
安全公告
暂无安全公告信息
变更历史
v2
NVD
2026-01-23 06:00:17
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']