Tp-link Omada Controller — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Omada Controller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-9520 — CVSS 6.8 (medium): An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and…
CVE-2025-9521 — CVSS 6.5 (medium): Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary…
CVE-2025-9290 — CVSS 5.9 (medium): An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper…
CVE-2020-12475 — CVSS 5.5 (medium): TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalControll…
CVE-2025-9522 — CVSS 5.3 (medium): Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal…
CVE-2025-9289 — CVSS 4.7 (medium): A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization…