PT-2026-4304 · Tp Link · Omada Access Point+2
Published
2026-01-22
·
Updated
2026-03-16
·
CVE-2025-9290
CVSS v4.0
6.0
Medium
| Vector | AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Omada Controllers, Gateways and Access Points (affected versions not specified)
Description
An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handling of random values, allowing an attacker with advanced network positioning to intercept adoption traffic and forge valid authentication through offline precomputation. Successful exploitation could expose sensitive information and compromise confidentiality.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Omada Access Point
Omada Controller
Omada Gateways