Omada Controller

5 CVEs product

Monthly

CVE-2025-9522 MEDIUM This Month

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. [CVSS 5.3 MEDIUM]

SSRF, Omada Controller
NVD
CVSS 3.1: 5.3
EPSS: 0.0%
CVE-2025-9521 MEDIUM This Month

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. [CVSS 6.5 MEDIUM]

Authentication Bypass, Omada Controller
NVD
CVSS 3.1: 6.5
EPSS: 0.0%
CVE-2025-9520 MEDIUM This Month

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account. [CVSS 6.8 MEDIUM]

Authentication Bypass, Omada Controller
NVD
CVSS 3.1: 6.8
EPSS: 0.0%
CVE-2025-9290 MEDIUM This Month

An authentication weakness was identified in the controller-device adoption of Omada Controllers, Gateways and Access Points, due to improper handling of random values.

Information Disclosure, Eap100 Bridge Kit Firmware, Er605 Firmware, Eap723 Firmware, Eap215 Bridge Kit Firmware, +52
NVD, VulDB
CVSS 3.1: 5.9
EPSS: 0.0%
CVE-2025-9289 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator.

XSS, Oc200 Firmware, Oc400 Firmware, Oc300 Firmware, Oc220 Firmware, +1
NVD, VulDB
CVSS 3.1: 4.7
EPSS: 0.0%