HIGH🇵🇱 Wersja polska

CVE-2025-9520

CVSS 8.3v4.0pub. 2026-01-26upd. 2026-03-11

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Omada Controller

    OS
    Tp-Link
    < 6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2025-9522MEDIUM5.1ten sam produkt

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...

CVE-2025-9290MEDIUM6.0ten sam produkt

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...

CVE-2025-9289MEDIUM5.7ten sam produkt

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper ...

CVE-2020-12475MEDIUM5.5ten sam produkt

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link...

CVE-2025-9521LOW2.1ten sam produkt

Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...