Omada Controllers IDOR Vulnerability Allowing Owner Account Hijacking

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Omada Controllers, affecting versions prior to 6.0. It allows an attacker who already holds Administrator permissions to manipulate requests and potentially hijack the Owner account.

Impact

Exploitation of this vulnerability could result in a full takeover of the Owner account, allowing the attacker to gain complete administrative control over the Omada Controller and its connected services.

Remediation

Users are advised to update to version 6.0 or later. The latest version can be downloaded from the Omada Network Support website.

Added: Jan 26, 2026, 8:27 PM
Updated: Jan 26, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.