VYPR

Omada Software Controller

by TP-Link

CVEs (7)

  • CVE-2021-44032  (High)  Mar 10, 2022
    risk 0.49, cvss 7.5, epss 0.02

    TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the…

  • CVE-2020-12475  (Medium)  May 4, 2020
    risk 0.36, cvss 5.5, epss 0.01

    TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

  • CVE-2025-9522  Jan 26, 2026
    risk 0.00, cvss not listed, epss 0.00

    Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.

  • CVE-2025-9521  Jan 26, 2026
    risk 0.00, cvss not listed, epss 0.00

    Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.

  • CVE-2025-9520  Jan 26, 2026
    risk 0.00, cvss not listed, epss 0.00

    An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.

  • CVE-2025-9290  Jan 22, 2026
    risk 0.00, cvss not listed, epss 0.00

    An authentication weakness was identified in the controller-device adoption process of Omada Controllers, Gateways and Access Points, due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge…

  • CVE-2025-9289  Jan 22, 2026
    risk 0.00, cvss not listed, epss 0.00

    A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated…