Omada Controllers Password Confirmation Bypass Vulnerability

Vulnerability

A password confirmation bypass vulnerability has been identified in Omada Controllers, affecting versions prior to 6.0. This vulnerability allows an attacker with a valid session token to bypass secondary verification processes when changing a user's password. As a result, the password can be altered without proper confirmation, leading to a reduction in account security.
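The secondary verification this description refers to is a server-side check that a password change carries a verified current password in addition to a valid session token. The Python below is an added example of that check, not Omada code and not a reconstruction of the flaw; `AccountStore`, `change_password`, the return strings and the session-revocation step are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored values are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """In-memory stand-in for the user and session tables (constructed data)."""

    def __init__(self):
        self.users = {}     # username -> (salt, derived key)
        self.sessions = {}  # session token -> username

    def set_password(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _kdf(password, salt))

    def verify(self, username: str, password: str) -> bool:
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, _kdf(password, salt))

    def login(self, username: str, password: str):
        if username not in self.users or not self.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

def change_password(store, token, current_password, new_password) -> str:
    """Change a password only if the session AND the current password check out."""
    username = store.sessions.get(token)
    if username is None:
        return "invalid session"
    # Secondary verification happens here, on the server, in the same call that
    # writes the new password. A missing or empty confirmation is a failure, so
    # a caller cannot skip the step by omitting the field.
    if not current_password or not store.verify(username, current_password):
        return "confirmation failed"
    store.set_password(username, new_password)
    # Assumed policy: end every session of this user after the change.
    for t in [t for t, u in store.sessions.items() if u == username]:
        del store.sessions[t]
    return "changed"
```

With this shape, a request that holds only a session token gets "confirmation failed" and the stored password is unchanged.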

Impact

Exploitation of this vulnerability could allow an attacker to change a user's password without authorization, potentially leading to unauthorized access to the user's account.

Remediation

Users are advised to update to version 6.0 or later. The latest version can be downloaded from the Omada Network Support website.

Added: Jan 26, 2026, 8:25 PM
Updated: Jan 26, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.