A Cross-Site Scripting (XSS) vulnerability has been identified in Omada Controllers, including software versions for Windows and Linux, as well as cloud and certain hardware controllers. This vulnerability arises from improper input sanitization, allowing an authenticated administrator to execute arbitrary JavaScript in their browser. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity.
Successful exploitation allows for Cross-Site Scripting, where an attacker can execute malicious scripts in the context of the user's browser, potentially leading to the exposure of sensitive information.
Users are advised to update to the latest firmware version available on the Omada Download Center. After the firmware upgrade, changing the password is recommended to mitigate the risk of password leakage.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
