CVE-2025-9290
Unknown Unknown - Not Provided
Authentication Bypass in Omada Controllers via Adoption Traffic Forgery

Publication date: 2026-01-23

Last updated on: 2026-03-16

Assigner: TPLink

Description
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9290
Affected Vendors & Products
Showing 64 associated CPEs
Vendor Product Version / Range
tp-link omada_controller to 6.0.0.24 (exc)
tp-link omada_controller to 6.0.0.100 (exc)
tp-link oc200_firmware to 1.37.9 (exc)
tp-link oc220_firmware to 1.1.3 (exc)
tp-link oc300_firmware to 1.31.9 (exc)
tp-link oc400_firmware to 1.9.9 (exc)
tp-link oc200_firmware to 2.22.9 (exc)
tp-link oc220_firmware *
tp-link er605_firmware to 2.3.2 (exc)
tp-link er7206_firmware to 2.2.2 (exc)
tp-link er7406_firmware to 1.2.2 (exc)
tp-link er707-m2_firmware to 1.3.1 (exc)
tp-link er7412-m2_firmware to 1.1.0 (exc)
tp-link er8411_firmware to 1.3.5 (exc)
tp-link er706w_firmware to 1.2.1 (exc)
tp-link er706w-4g_firmware to 1.2.1 (exc)
tp-link er706wp-4g_firmware to 1.1.0 (exc)
tp-link er703wp-4g-outdoor_firmware to 1.1.0 (exc)
tp-link dr3220v-4g_firmware to 1.1.0 (exc)
tp-link dr3650v-4g_firmware to 1.1.0 (exc)
tp-link dr3650v_firmware to 1.1.0 (exc)
tp-link er701-5g-outdoor_firmware to 1.0.0 (exc)
tp-link er605w_firmware to 2.0.2 (exc)
tp-link er7212pc_firmware to 2.2.1 (exc)
tp-link fr365_firmware to 1.1.10 (exc)
tp-link g36w-4g_firmware to 1.1.5 (exc)
tp-link eap655-wall_firmware to 1.6.2 (exc)
tp-link eap660_hd_firmware to 1.6.1 (exc)
tp-link eap620_hd_firmware to 1.6.1 (exc)
tp-link eap610-outdoor_firmware to 1.6.1 (exc)
tp-link eap610_firmware to 1.6.1 (exc)
tp-link eap623-outdoor_hd_firmware to 1.6.1 (exc)
tp-link eap625-outdoor_hd_firmware to 1.6.1 (exc)
tp-link eap772_firmware to 1.3.2 (exc)
tp-link eap772-outdoor_firmware to 1.3.2 (exc)
tp-link eap770_firmware to 1.3.2 (exc)
tp-link eap723_firmware to 1.3.2 (exc)
tp-link eap773_firmware to 1.1.2 (exc)
tp-link eap783_firmware to 1.1.2 (exc)
tp-link eap772_firmware to 1.1.2 (exc)
tp-link eap787_firmware to 1.1.2 (exc)
tp-link eap720_firmware to 1.1.2 (exc)
tp-link eap723_firmware to 1.1.2 (exc)
tp-link eap725-wall_firmware to 1.1.2 (exc)
tp-link eap215_bridge_kit_firmware to 1.1.4 (exc)
tp-link eap211_bridge_kit_firmware to 1.1.4 (exc)
tp-link beam_bridge_5_ur_firmware to 1.1.5 (exc)
tp-link eap603gp-desktop_firmware to 1.1.0 (exc)
tp-link eap615gp-wall_firmware to 1.1.0 (exc)
tp-link eap625gp-wall_firmware to 1.1.0 (exc)
tp-link eap610gp-desktop_firmware to 1.1.0 (exc)
tp-link eap650gp-desktop_firmware to 1.0.1 (exc)
tp-link eap653_firmware to 1.3.3 (exc)
tp-link eap650-outdoor_firmware to 1.3.3 (exc)
tp-link eap230-wall_firmware to 3.3.1 (exc)
tp-link eap235-wall_firmware to 3.3.1 (exc)
tp-link eap603-outdoor_firmware to 1.5.1 (exc)
tp-link eap653_ur_firmware to 1.4.2 (exc)
tp-link eap650-desktop_firmware to 1.1.0 (exc)
tp-link eap615-wall_firmware to 1.1.0 (exc)
tp-link eap100-bridge_kit_firmware to 1.0.3 (exc)
tp-link er706w-4g_firmware to 2.1.0 (exc)
tp-link omada_controller to 6.0.0.34 (exc)
tp-link omada_controller to 5.15.24 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-760 The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9290 is an authentication weakness in TP-Link Omada Controllers, Gateways, and Access Points caused by improper handling of random values during the controller-device adoption process. An attacker with advanced network positioning can intercept adoption traffic and use offline precomputation to forge valid authentication credentials. This allows the attacker to potentially expose sensitive information and compromise confidentiality. [1]

Impact Analysis

This vulnerability can lead to exposure of sensitive information and compromise the confidentiality of your network communications. An attacker exploiting this weakness could gain unauthorized access by forging authentication credentials during device adoption, potentially leading to further security breaches within your network. [1]

Mitigation Strategies

To mitigate CVE-2025-9290, immediately update your TP-Link Omada Controllers, Gateways, and Access Points to the latest firmware versions provided by TP-Link. After upgrading, change all relevant passwords to reduce the risk of password leakage. Failure to apply these updates leaves the vulnerability exploitable. [1]

Compliance Impact

The vulnerability can lead to exposure of sensitive information and compromise confidentiality, which may negatively impact compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data. However, specific effects on compliance are not detailed in the provided resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9290. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart