Omada Controllers Blind Server-Side Request Forgery Vulnerability

Vulnerability

A blind server-side request forgery (SSRF) vulnerability has been identified in Omada Controllers prior to version 6.0. This vulnerability arises from the webhook functionality, which allows crafted requests to be sent to internal services. Exploiting this flaw could lead to unauthorized information enumeration.

Impact

Exploitation of this vulnerability could allow for unauthorized enumeration of internal information.

Remediation

Users are advised to update to version 6.0 or later. The latest version can be downloaded from the Omada Network Support website.
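For teams that build or review webhook features of their own, the following added example shows the kind of destination check that stops a webhook from being pointed at internal services. It is not Omada code and does not describe the vendor's fix; the function names, the HTTPS-only rule and the allowed port set are assumptions chosen for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}   # assumption: webhooks must use TLS
ALLOWED_PORTS = {443, 8443}   # assumption: example policy, adjust per deployment

def system_resolver(host, port):
    """Every address the name maps to (uses the system resolver)."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def check_webhook_url(url, resolver=system_resolver):
    """Return (True, vetted_ips) or (False, reason).

    The caller should connect to one of vetted_ips rather than resolving
    the name again, so a later DNS answer cannot point at an internal host.
    """
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password or not parts.hostname:
        return False, "bad authority"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addrs = resolver(parts.hostname, port)
    except OSError:
        return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        # Reject loopback, RFC 1918, link-local, CGNAT, multicast, reserved.
        if not ip.is_global or ip.is_multicast:
            return False, f"{addr} is not a public address"
    return True, addrs

if __name__ == "__main__":
    # Constructed sample data: a fake DNS table so the demo runs offline.
    dns = {"hooks.example.com": ["93.184.216.34"],
           "intranet.example.com": ["10.0.0.5"]}
    lookup = lambda host, port: dns.get(host, [host])
    for u in ("https://hooks.example.com/notify", "https://intranet.example.com/",
              "https://127.0.0.1:8443/", "http://hooks.example.com/"):
        print(u, "->", check_webhook_url(u, lookup))
```

The same check has to be repeated on every redirect target, or redirects disabled in the HTTP client, otherwise an allowed public host can bounce the request to an internal address.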

Added: Jan 26, 2026, 8:25 PM
Updated: Jan 26, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 3.8
remediation: 7.7
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.