Omada Controller
CVE-2025-9520
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
AnalysisAI
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account. [CVSS 6.8 MEDIUM]
Technical ContextAI
Classified as CWE-639 (Authorization Bypass Through User-Controlled Key). Affects Omada Controller. An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Omada Controller
View allTP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.p
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypa
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption d
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests t
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sani
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today