Omada Controllers
by Omada
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9521 | 0.00 | — | 0.00 | Jan 26, 2026 | Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. | |||
| CVE-2025-9290 | 0.00 | — | 0.00 | Jan 22, 2026 | An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge… | |||
| CVE-2025-9289 | 0.00 | — | 0.00 | Jan 22, 2026 | A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated… |
- CVE-2025-9521Jan 26, 2026risk 0.00cvss —epss 0.00
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.
- CVE-2025-9290Jan 22, 2026risk 0.00cvss —epss 0.00
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge…
- CVE-2025-9289Jan 22, 2026risk 0.00cvss —epss 0.00
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated…