CVE-2025-9290

MEDIUM
2026-01-23 f23511db-6c3e-4e32-a477-6aa17d310630
5.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 23, 2026 - 00:15 nvd
MEDIUM 5.9

Tags

Information Disclosure Eap100 Bridge Kit Firmware Er605 Firmware Eap723 Firmware Eap215 Bridge Kit Firmware Eap653 Ur Firmware Eap655 Wall Firmware Eap230 Wall Firmware Eap653 Firmware Eap773 Firmware Omada Controller Er707 M2 Firmware Er7206 Firmware Eap623 Outdoor Hd Firmware Eap783 Firmware Eap603 Outdoor Firmware Er701 5g Outdoor Firmware Eap770 Firmware Fr365 Firmware Eap603gp Desktop Firmware Oc300 Firmware Eap235 Wall Firmware Eap610gp Desktop Firmware Er7406 Firmware Er706w Firmware Er8411 Firmware Oc400 Firmware Dr3220v 4g Firmware Eap625gp Wall Firmware Er7212pc Firmware G36w 4g Firmware Er706wp 4g Firmware Er703wp 4g Outdoor Firmware Eap772 Outdoor Firmware Er7412 M2 Firmware Beam Bridge 5 Ur Firmware Eap787 Firmware Er605w Firmware Er706w 4g Firmware Eap610 Firmware Eap650gp Desktop Firmware Eap615 Wall Firmware Oc220 Firmware Eap615gp Wall Firmware Eap625 Outdoor Hd Firmware Eap211 Bridge Kit Firmware Eap660 Hd Firmware Oc200 Firmware Eap772 Firmware Eap610 Outdoor Firmware Eap650 Outdoor Firmware Eap620 Hd Firmware Dr3650v 4g Firmware Dr3650v Firmware Eap650 Desktop Firmware Eap725 Wall Firmware Eap720 Firmware

Description

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Analysis

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values.

Technical Context

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Affected Products

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and

Remediation

Monitor vendor advisories for a patch.

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2025-9290 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy