Vulnerability Details CVE-2025-9290
An authentication weakness was identified in the controller-device adoption process of Omada Controllers, Gateways and Access Points, caused by improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2025-9290
- cpe:2.3:a:tp-link:omada_controller:*
- cpe:2.3:h:tp-link:beam_bridge_5_ur:1.0
- cpe:2.3:h:tp-link:dr3220v-4g:-
- cpe:2.3:h:tp-link:dr3650v-4g:-
- cpe:2.3:h:tp-link:dr3650v:-
- cpe:2.3:h:tp-link:eap100-bridge_kit:1.0
- cpe:2.3:h:tp-link:eap211_bridge_kit:3.0
- cpe:2.3:h:tp-link:eap215_bridge_kit:3.0
- cpe:2.3:h:tp-link:eap230-wall:1.0
- cpe:2.3:h:tp-link:eap235-wall:1.0
- cpe:2.3:h:tp-link:eap603-outdoor:1.0
- cpe:2.3:h:tp-link:eap603gp-desktop:1.0
- cpe:2.3:h:tp-link:eap610-outdoor:1.0
- cpe:2.3:h:tp-link:eap610-outdoor:1.20
- cpe:2.3:h:tp-link:eap610:1.0
- cpe:2.3:h:tp-link:eap610:2.0
- cpe:2.3:h:tp-link:eap610gp-desktop:1.0
- cpe:2.3:h:tp-link:eap610gp-desktop:1.20
- cpe:2.3:h:tp-link:eap610gp-desktop:1.26
- cpe:2.3:h:tp-link:eap615-wall:1.0
- cpe:2.3:h:tp-link:eap615gp-wall:1.0
- cpe:2.3:h:tp-link:eap615gp-wall:1.20
- cpe:2.3:h:tp-link:eap620_hd:3.0
- cpe:2.3:h:tp-link:eap620_hd:3.20
- cpe:2.3:h:tp-link:eap623-outdoor_hd:1.0
- cpe:2.3:h:tp-link:eap625-outdoor_hd:1.0
- cpe:2.3:h:tp-link:eap625gp-wall:1.0
- cpe:2.3:h:tp-link:eap625gp-wall:1.20
- cpe:2.3:h:tp-link:eap650-desktop:1.0
- cpe:2.3:h:tp-link:eap650-outdoor:1.0
- cpe:2.3:h:tp-link:eap650gp-desktop:1.0
- cpe:2.3:h:tp-link:eap653:1.0
- cpe:2.3:h:tp-link:eap653_ur:1.0
- cpe:2.3:h:tp-link:eap655-wall:1.0
- cpe:2.3:h:tp-link:eap660_hd:1.0
- cpe:2.3:h:tp-link:eap660_hd:2.0
- cpe:2.3:h:tp-link:eap720:1.0
- cpe:2.3:h:tp-link:eap723:1.0
- cpe:2.3:h:tp-link:eap723:2.0
- cpe:2.3:h:tp-link:eap725-wall:1.0
- cpe:2.3:h:tp-link:eap770:2.0
- cpe:2.3:h:tp-link:eap772-outdoor:1.0
- cpe:2.3:h:tp-link:eap772:1.0
- cpe:2.3:h:tp-link:eap772:2.0
- cpe:2.3:h:tp-link:eap773:1.0
- cpe:2.3:h:tp-link:eap783:1.0
- cpe:2.3:h:tp-link:eap787:1.0
- cpe:2.3:h:tp-link:er605:2.0
- cpe:2.3:h:tp-link:er605w:2.0
- cpe:2.3:h:tp-link:er701-5g-outdoor:-
- cpe:2.3:h:tp-link:er703wp-4g-outdoor:-
- cpe:2.3:h:tp-link:er706w-4g:-
- cpe:2.3:h:tp-link:er706w-4g:2.0
- cpe:2.3:h:tp-link:er706w:-
- cpe:2.3:h:tp-link:er706wp-4g:-
- cpe:2.3:h:tp-link:er707-m2:-
- cpe:2.3:h:tp-link:er7206:2.0
- cpe:2.3:h:tp-link:er7212pc:2.0
- cpe:2.3:h:tp-link:er7406:-
- cpe:2.3:h:tp-link:er7412-m2:-
- cpe:2.3:h:tp-link:er8411:-
- cpe:2.3:h:tp-link:fr365:-
- cpe:2.3:h:tp-link:g36w-4g:-
- cpe:2.3:h:tp-link:oc200:1
- cpe:2.3:h:tp-link:oc200:2
- cpe:2.3:h:tp-link:oc220:1
- cpe:2.3:h:tp-link:oc220:2
- cpe:2.3:h:tp-link:oc300:1.6
- cpe:2.3:h:tp-link:oc400:1.6
- cpe:2.3:o:tp-link:beam_bridge_5_ur_firmware:*
- cpe:2.3:o:tp-link:dr3220v-4g_firmware:*
- cpe:2.3:o:tp-link:dr3650v-4g_firmware:*
- cpe:2.3:o:tp-link:dr3650v_firmware:*
- cpe:2.3:o:tp-link:eap100-bridge_kit_firmware:*
- cpe:2.3:o:tp-link:eap211_bridge_kit_firmware:*
- cpe:2.3:o:tp-link:eap215_bridge_kit_firmware:*
- cpe:2.3:o:tp-link:eap230-wall_firmware:*
- cpe:2.3:o:tp-link:eap235-wall_firmware:*
- cpe:2.3:o:tp-link:eap603-outdoor_firmware:*
- cpe:2.3:o:tp-link:eap603gp-desktop_firmware:*
- cpe:2.3:o:tp-link:eap610-outdoor_firmware:*
- cpe:2.3:o:tp-link:eap610_firmware:*
- cpe:2.3:o:tp-link:eap610gp-desktop_firmware:*
- cpe:2.3:o:tp-link:eap615-wall_firmware:*
- cpe:2.3:o:tp-link:eap615gp-wall_firmware:*
- cpe:2.3:o:tp-link:eap620_hd_firmware:*
- cpe:2.3:o:tp-link:eap623-outdoor_hd_firmware:*
- cpe:2.3:o:tp-link:eap625-outdoor_hd_firmware:*
- cpe:2.3:o:tp-link:eap625gp-wall_firmware:*
- cpe:2.3:o:tp-link:eap650-desktop_firmware:*
- cpe:2.3:o:tp-link:eap650-outdoor_firmware:*
- cpe:2.3:o:tp-link:eap650gp-desktop_firmware:*
- cpe:2.3:o:tp-link:eap653_firmware:*
- cpe:2.3:o:tp-link:eap653_ur_firmware:*
- cpe:2.3:o:tp-link:eap655-wall_firmware:*
- cpe:2.3:o:tp-link:eap660_hd_firmware:*
- cpe:2.3:o:tp-link:eap720_firmware:*
- cpe:2.3:o:tp-link:eap723_firmware:*
- cpe:2.3:o:tp-link:eap725-wall_firmware:*
- cpe:2.3:o:tp-link:eap770_firmware:*
- cpe:2.3:o:tp-link:eap772-outdoor_firmware:*
- cpe:2.3:o:tp-link:eap772_firmware:*
- cpe:2.3:o:tp-link:eap773_firmware:*
- cpe:2.3:o:tp-link:eap783_firmware:*
- cpe:2.3:o:tp-link:eap787_firmware:*
- cpe:2.3:o:tp-link:er605_firmware:2.3.1
- cpe:2.3:o:tp-link:er605w_firmware:*
- cpe:2.3:o:tp-link:er701-5g-outdoor_firmware:*
- cpe:2.3:o:tp-link:er703wp-4g-outdoor_firmware:*
- cpe:2.3:o:tp-link:er706w-4g_firmware:*
- cpe:2.3:o:tp-link:er706w-4g_firmware:1.2.1
- cpe:2.3:o:tp-link:er706w_firmware:*
- cpe:2.3:o:tp-link:er706wp-4g_firmware:*
- cpe:2.3:o:tp-link:er707-m2_firmware:*
- cpe:2.3:o:tp-link:er7206_firmware:1.3.0
- cpe:2.3:o:tp-link:er7206_firmware:1.4.1
- cpe:2.3:o:tp-link:er7212pc_firmware:2.1.3
- cpe:2.3:o:tp-link:er7406_firmware:*
- cpe:2.3:o:tp-link:er7412-m2_firmware:*
- cpe:2.3:o:tp-link:er8411_firmware:1.3.3
- cpe:2.3:o:tp-link:fr365_firmware:*
- cpe:2.3:o:tp-link:g36w-4g_firmware:*
- cpe:2.3:o:tp-link:oc200_firmware:*
- cpe:2.3:o:tp-link:oc220_firmware:*
- cpe:2.3:o:tp-link:oc220_firmware:-
- cpe:2.3:o:tp-link:oc300_firmware:*
- cpe:2.3:o:tp-link:oc400_firmware:*