CVE-2026-1668

Summary

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.SG2008P 3.2x0 < 3.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2008P 3.3x0 < 3.30.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SX3016F 1.3x0 < 1.30.1 Build 20260129 Rel.8831affected
TP-Link Systems Inc.SX3016F 1.2x0 < 1.20.16 Build 20260121 Rel.57953affected
TP-Link Systems Inc.SG3428 2.4x0 < 2.40.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG3428XMP 3.3x0 < 3.30.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG3428X 1.4x0 < 1.40.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG3428XF 1.3x0 < 1.30.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG3452P 3.4x0 < 3.40.1 Build 20260128 Rel.7041affected
TP-Link Systems Inc.SG3428MP 6.3x0 < 6.30.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG2218P 2.2x0 < 2.20.2 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG2016P 1.3x0 < 1.30.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG3452XP 2.3x0 < 2.30.1 Build 20260128 Rel.8721affected
TP-Link Systems Inc.SG3428XMPP 1.2x0 < 1.20.1 Build 20260127 Rel.39545affected
TP-Link Systems Inc.SG3452X 1.3x0 < 1.30.1 Build 20260128 Rel.8721affected
TP-Link Systems Inc.SG2008 4.3x0 < 4.30.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG3210 3.3x0 < 3.30.1 Build 20260206 Rel.33103affected
TP-Link Systems Inc.SG2210MP 5.2x0 < 5.20.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG2210P 5.3x0 < 5.30.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG2218 1.3x0 < 1.30.1 Build 20260127 Rel.32017affected
TP-Link Systems Inc.SG3452 1.3x0 < 1.30.1 Build 20260128 Rel.7041affected
TP-Link Systems Inc.SG3210X-M2 1.2x0 < 1.20.1 Build 20260129 Rel.13605affected
TP-Link Systems Inc.SG2210XMP-M2 1.x0 < 1.0.19 Build 20260121 Rel.53314affected
TP-Link Systems Inc.SG2008 4.2x0 < 4.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2218P 1.2x0 < 1.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3210 3.2x0 < 3.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3428X-M2 1.2x0 < 1.20.18 Build 20260121 Rel.54271affected
TP-Link Systems Inc.SX3832MPP 1.x0 < 1.0.11 Build 20260121 Rel.56907affected
TP-Link Systems Inc.SG2218 1.2x0 < 1.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SX3832 1.x0 < 1.0.12 Build 20260121 Rel.56907affected
TP-Link Systems Inc.SG2428LP 1.x0 < 1.0.15 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SL2428P 6.2x0 < 6.20.18 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3218XP-M2 1.x0 < 1.0.19 Build 20260121 Rel.53314affected
TP-Link Systems Inc.SG3210XHP-M2 3.x0 < 3.0.21 Build 20260121 Rel.53314affected
TP-Link Systems Inc.SG2218P 2.x0 < 2.0.14 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3210X-M2 1.x0 < 1.0.19 Build 20260121 Rel.53314affected
TP-Link Systems Inc.SG2428P 5.3x0 < 5.30.16 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2210MP 4.2x0 < 4.20.18 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3452P 3.3x0 < 3.30.17 Build 20260121 Rel.54132affected
TP-Link Systems Inc.SG3452 1.2x0 < 1.20.17 Build 20260121 Rel.54132affected
TP-Link Systems Inc.SG2452LP 1.x0 < 1.0.13 Build 20260121 Rel.54132affected
TP-Link Systems Inc.SX3032F 1.x0 < 1.0.15 Build 20260121 Rel.56907affected
TP-Link Systems Inc.SG3452X 1.2x0 < 1.20.18 Build 20260121 Rel.55833affected
TP-Link Systems Inc.SG3452XMPP 1.x0 < 1.0.15 Build 20260121 Rel.55833affected
TP-Link Systems Inc.SG3428XPP-M2 1.2x0 < 1.20.19 Build 20260121 Rel.54271affected
TP-Link Systems Inc.TL-SG3452P 3.00 < 3.0.22 Build 20260121 Rel.54132affected
TP-Link Systems Inc.SG2428P 5.2x0 < 5.20.20 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2210MP 5.x0 < 5.0.15 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2005P-PD 1.x0 < 1.0.19 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2016P 1.2x0 < 1.20.17 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG3452XP 2.2x0 < 2.20.20 Build 20260121 Rel.55833affected
TP-Link Systems Inc.SG3428XMP 3.2x0 < 3.20.21 Build 20260113 Rel.67732affected
TP-Link Systems Inc.SG3428X 1.3x0 < 1.30.17 Build 20260113 Rel.67732affected
TP-Link Systems Inc.SG3428XF 1.2x0 < 1.20.16 Build 20260113 Rel.67732affected
TP-Link Systems Inc.SG3428MP 6.2x0 < 6.20.20 Build 20260113 Rel.67732affected
TP-Link Systems Inc.TL-SG3428MP 5.x0 < 5.0.25 Build 20260113 Rel.67732affected
TP-Link Systems Inc.SG3428 2.3x0 < 2.30.16 Build 20260113 Rel.67732affected
TP-Link Systems Inc.SG3428XMPP 1.x0 < 1.0.16 Build 20260113 Rel.67732affected
TP-Link Systems Inc.TL-SG2428P 4.x0 < 4.0.26 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SG2210P 5.2x0 < 5.20.18 Build 20260121 Rel.53429affected
TP-Link Systems Inc.SX3008F 1.2x0affected
TP-Link Systems Inc.SX3206HPP 1.200affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References