CVE-2025-9290

Summary

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Omada Software Controller0 < 6.0.0.24affected
TP-Link Systems Inc.Omada Cloud Controller0 < 6.0.0.100affected
TP-Link Systems Inc.Omada Hardware Controller (OC200, OC300, OC400)0 < 6.0.0.34affected
TP-Link Systems Inc.Omada Hardware Controller OC2200 < 5.15.24affected
TP-Link Systems Inc.Omada Gateway (ER605 v2.0)0 < 2.3.2 Build 20251029 Rel.12727affected
TP-Link Systems Inc.Omada Gateway (ER7206 v2.0)0 < 2.2.2 Build 20250724 Rel.11109affected
TP-Link Systems Inc.Omada Gateway (ER7406, ER706W, ER706-4G)0 < 1.2.xaffected
TP-Link Systems Inc.Omada Gateway (ER707-M2, ER-8411)0 < 1.3.xaffected
TP-Link Systems Inc.Omada Gateway (ER7412-M2, ER706WP-4G, ER703WP-4G-Outdoor, DR3220v-4G, DR3650v, DR3650v-4G)0 < 1.1.0affected
TP-Link Systems Inc.Omada Gateway (ER8411)0 < 1.3.5 Build 20251028 Rel.06811affected
TP-Link Systems Inc.Omada Gateway (ER706W-4G 2.0)0 < 2.1.0 Build 20250810 Rel.77020affected
TP-Link Systems Inc.Omada Gateway (ER701-5G-Outdoor)0 < 1.0.0 Build 20250826 Rel.68862affected
TP-Link Systems Inc.Omada Gateway (ER605W 2.0)0 < 2.0.2 Build 20250723 Rel.39048affected
TP-Link Systems Inc.Omada Gateway ER7212PC 2.00 < 2.2.1 Build 20251027 Rel.75129affected
TP-Link Systems Inc.Omada Festa Gateway FR3650 < 1.1.10 Build 20250626 Rel.81746affected
TP-Link Systems Inc.Omada Gateway G36W-4G0 < 1.1.5 Build 20250710 Rel.62142affected
TP-Link Systems Inc.Omada Access Point (EAP660 HD v1.0/v2.0, EAP620 HD v2.0/v3.0/v3.20, EAP610/EAP610-Outdoor v1.0/v2.0, EAP623-Outdoor HD v1.0, EAP625-Outdoor HD v1.0)EAP0 < 1.6.1affected
TP-Link Systems Inc.Omada Access Point (EAP655-Wall v1.0)0 < 1.6.2 Build 20251107 Rel.35700affected
TP-Link Systems Inc.Omada Access Point (EAP772 v1.0, EAP773 v1.0, EAP783 v1.0, EAP787 v1.0, EAP720 v1.0, EAP725-Wall v1.0, EAp723 v2.0)0 < 1.1.2affected
TP-Link Systems Inc.Omada Access Point (EAP723 v1.0, EAP772 v2.0, EAP772-Outdoor v 1.0, EAP770 v2.0)0 < 1.3.2 Build 20250901 Rel.52255affected
TP-Link Systems Inc.Omada Access Point (EAP215 Bridge KIT 3.0, EAP211 Bridge KIT 3.0)0 < 1.1.4 Build 20251112 Rel.34769affected
TP-Link Systems Inc.Omada Beam Bridge 5 UR v1.00 < 1.1.5 Build 20250928 Rel.68499affected
TP-Link Systems Inc.Omada Access Point (EAP603GP-Desktop, EAP615GP-Wall 1.0/1.20, EAP625GP-Wall 1.0/1.20, EAP610GP-Desktop 1.0/1.20/1.26), EAP650-Desktop v1.0)0 < 1.1.0affected
TP-Link Systems Inc.Omada Access Point (EAP650GP-Desktop 1.0)0 < 1.0.1 Build 20250819 Rel.60298affected
TP-Link Systems Inc.Omada Access Point (EAP653 v1.0, EAP650-Outdoor v1.0)0 < 1.3.3 Build 20251111 Rel.72627affected
TP-Link Systems Inc.Omada Access Point (EAP230-Wall v1.0, EAP235-Wall v1.0)0 < 3.3.1 Build 20251203 Rel.58135affected
TP-Link Systems Inc.Omada Access Point (EAP603-Outdoor v1.0, EAP615-Wall v1.0/v1.20)0 < 1.5.1affected
TP-Link Systems Inc.Omada Access Point (EAP653 UR v1.0)0 < 1.4.2 Build 20251208 Rel.43830affected
TP-Link Systems Inc.Omada Access Point (EAP615-Wall v1.0/v1.20)0 < 1.5.10 Build 20250903 Rel.49784affected
TP-Link Systems Inc.Omada EAP100-Bridge KIT v1.00 < 1.0.3 Build 20251015 Rel.62058affected

Weaknesses

  • CWE-760: CWE-760 Use of a One-Way Hash with a Predictable Salt

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References