CVE-2025-9290

EUVD-2026-4495
An authentication weakness was identified in the controller-device adoption of Omada Controllers, Gateways and Access Points, caused by improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Score percentile: Unknown
Affected Products (NVD)

| Vendor | Product | Vulnerable | Version |
|---|---|---|---|
| tp-link | omada_controller | 𝑥 | < 6.0.0.24 |
| tp-link | omada_controller | 𝑥 | < 6.0.0.100 |
| tp-link | oc200_firmware | 𝑥 | < 1.37.9 |
| tp-link | oc220_firmware | 𝑥 | < 1.1.3 |
| tp-link | oc300_firmware | 𝑥 | < 1.31.9 |
| tp-link | oc400_firmware | 𝑥 | < 1.9.9 |
| tp-link | oc200_firmware | 𝑥 | < 2.22.9 |
| tp-link | oc220_firmware |  | - |
| tp-link | er605_firmware | 𝑥 | < 2.3.2 |
| tp-link | er7206_firmware | 𝑥 | < 2.2.2 |
| tp-link | er7406_firmware | 𝑥 | < 1.2.2 |
| tp-link | er707-m2_firmware | 𝑥 | < 1.3.1 |
| tp-link | er7412-m2_firmware | 𝑥 | < 1.1.0 |
| tp-link | er8411_firmware | 𝑥 | < 1.3.5 |
| tp-link | er706w_firmware | 𝑥 | < 1.2.1 |
| tp-link | er706w-4g_firmware | 𝑥 | < 1.2.1 |
| tp-link | er706wp-4g_firmware | 𝑥 | < 1.1.0 |
| tp-link | er703wp-4g-outdoor_firmware | 𝑥 | < 1.1.0 |
| tp-link | dr3220v-4g_firmware | 𝑥 | < 1.1.0 |
| tp-link | dr3650v-4g_firmware | 𝑥 | < 1.1.0 |
| tp-link | dr3650v_firmware | 𝑥 | < 1.1.0 |
| tp-link | er701-5g-outdoor_firmware | 𝑥 | < 1.0.0 |
| tp-link | er605w_firmware | 𝑥 | < 2.0.2 |
| tp-link | er7212pc_firmware | 𝑥 | < 2.2.1 |
| tp-link | fr365_firmware | 𝑥 | < 1.1.10 |
| tp-link | g36w-4g_firmware | 𝑥 | < 1.1.5 |
| tp-link | eap655-wall_firmware | 𝑥 | < 1.6.2 |
| tp-link | eap660_hd_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap620_hd_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap610-outdoor_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap610_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap623-outdoor_hd_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap625-outdoor_hd_firmware | 𝑥 | < 1.6.1 |
| tp-link | eap772_firmware | 𝑥 | < 1.3.2 |
| tp-link | eap772-outdoor_firmware | 𝑥 | < 1.3.2 |
| tp-link | eap770_firmware | 𝑥 | < 1.3.2 |
| tp-link | eap723_firmware | 𝑥 | < 1.3.2 |
| tp-link | eap773_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap783_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap772_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap787_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap720_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap723_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap725-wall_firmware | 𝑥 | < 1.1.2 |
| tp-link | eap215_bridge_kit_firmware | 𝑥 | < 1.1.4 |
| tp-link | eap211_bridge_kit_firmware | 𝑥 | < 1.1.4 |
| tp-link | beam_bridge_5_ur_firmware | 𝑥 | < 1.1.5 |
| tp-link | eap603gp-desktop_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap615gp-wall_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap625gp-wall_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap610gp-desktop_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap650gp-desktop_firmware | 𝑥 | < 1.0.1 |
| tp-link | eap653_firmware | 𝑥 | < 1.3.3 |
| tp-link | eap650-outdoor_firmware | 𝑥 | < 1.3.3 |
| tp-link | eap230-wall_firmware | 𝑥 | < 3.3.1 |
| tp-link | eap235-wall_firmware | 𝑥 | < 3.3.1 |
| tp-link | eap603-outdoor_firmware | 𝑥 | < 1.5.1 |
| tp-link | eap653_ur_firmware | 𝑥 | < 1.4.2 |
| tp-link | eap650-desktop_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap615-wall_firmware | 𝑥 | < 1.1.0 |
| tp-link | eap100-bridge_kit_firmware | 𝑥 | < 1.0.3 |
| tp-link | er706w-4g_firmware | 𝑥 | < 2.1.0 |
| tp-link | omada_controller | 𝑥 | < 6.0.0.34 |
| tp-link | omada_controller | 𝑥 | < 5.15.24 |

𝑥 = Vulnerable software versions