Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 23, 2026

Authentication Weakness on Omada Controllers, Gateways and Access Points

CVE-2025-9290

Description

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Affected products

Tp Link Systems Inc./Omada Access Point (eap772 V1.0, Eap773 V1.0, Eap783 V1.0, Eap787 V1.0, Eap720 V1.0, Eap725 Wall V1.0, Eap723 V2.0)v5
Range: 0
Tp Link Systems Inc./Omada Gateway (er707 M2, Er 8411)v5
Range: 0
Tp Link Systems Inc./Omada Software Controllerv5
Range: 0
Tp Link Systems Inc./Omada Access Point (eap215 Bridge Kit 3.0, Eap211 Bridge Kit 3.0)v5
Range: 0
TP-Link Systems Inc./Omada Access Point (EAP653 UR v1.0)v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.omadanetworks.com/en/download/mitrepatch
support.omadanetworks.com/us/download/mitrepatch
support.omadanetworks.com/us/document/114950/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000