Vulnerability Details CVE-2026-1668
The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2026-1668
-
cpe:2.3:h:tp-link:omada_sg2005p-pd:-
-
cpe:2.3:h:tp-link:omada_sg2008:-
-
cpe:2.3:h:tp-link:omada_sg2008p:-
-
cpe:2.3:h:tp-link:omada_sg2016p:-
-
cpe:2.3:h:tp-link:omada_sg2210mp:-
-
cpe:2.3:h:tp-link:omada_sg2210p:-
-
cpe:2.3:h:tp-link:omada_sg2210xmp-m2:-
-
cpe:2.3:h:tp-link:omada_sg2218:-
-
cpe:2.3:h:tp-link:omada_sg2218p:-
-
cpe:2.3:h:tp-link:omada_sg2428lp:-
-
cpe:2.3:h:tp-link:omada_sg2428p:-
-
cpe:2.3:h:tp-link:omada_sg2452lp:-
-
cpe:2.3:h:tp-link:omada_sg3210:-
-
cpe:2.3:h:tp-link:omada_sg3210x-m2:-
-
cpe:2.3:h:tp-link:omada_sg3210xhp-m2:-
-
cpe:2.3:h:tp-link:omada_sg3218xp-m2:-
-
cpe:2.3:h:tp-link:omada_sg3428:-
-
cpe:2.3:h:tp-link:omada_sg3428mp:-
-
cpe:2.3:h:tp-link:omada_sg3428x-m2:-
-
cpe:2.3:h:tp-link:omada_sg3428x:-
-
cpe:2.3:h:tp-link:omada_sg3428xf:-
-
cpe:2.3:h:tp-link:omada_sg3428xmp:-
-
cpe:2.3:h:tp-link:omada_sg3428xmpp:-
-
cpe:2.3:h:tp-link:omada_sg3428xpp-m2:-
-
cpe:2.3:h:tp-link:omada_sg3452:-
-
cpe:2.3:h:tp-link:omada_sg3452p:-
-
cpe:2.3:h:tp-link:omada_sg3452x:-
-
cpe:2.3:h:tp-link:omada_sg3452xmpp:-
-
cpe:2.3:h:tp-link:omada_sg3452xp:-
-
cpe:2.3:h:tp-link:omada_sl2428p:-
-
cpe:2.3:h:tp-link:omada_sx3008f:-
-
cpe:2.3:h:tp-link:omada_sx3016f:-
-
cpe:2.3:h:tp-link:omada_sx3032f:-
-
cpe:2.3:h:tp-link:omada_sx3206hpp:-
-
cpe:2.3:h:tp-link:omada_sx3832:-
-
cpe:2.3:h:tp-link:omada_sx3832mpp:-
-
cpe:2.3:h:tp-link:omada_tl-sg2428p:-
-
cpe:2.3:h:tp-link:omada_tl-sg3428mp:-
-
cpe:2.3:h:tp-link:omada_tl-sg3452p:-
-
cpe:2.3:o:tp-link:omada_sg2005p-pd_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2008_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2008p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2016p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2210mp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2210p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2210xmp-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2218_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2218p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2428lp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2428p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg2452lp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3210_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3210x-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3210xhp-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3218xp-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428mp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428x-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428x_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428xf_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428xmp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428xmpp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3428xpp-m2_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3452_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3452p_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3452x_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3452xmpp_firmware:*
-
cpe:2.3:o:tp-link:omada_sg3452xp_firmware:*
-
cpe:2.3:o:tp-link:omada_sl2428p_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3008f_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3016f_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3032f_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3206hpp_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3832_firmware:*
-
cpe:2.3:o:tp-link:omada_sx3832mpp_firmware:*
-
cpe:2.3:o:tp-link:omada_tl-sg2428p_firmware:*
-
cpe:2.3:o:tp-link:omada_tl-sg3428mp_firmware:*
-
cpe:2.3:o:tp-link:omada_tl-sg3452p_firmware:*