CVE-2026-1668

Input Validation Vulnerability on Multiple Omada Switches

CVSS 7.7 HIGHEPSS 1.0%CWE-20

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

TP-Link Systems Inc. · SG2005P-PD 1.x TP-Link Systems Inc. · SG2008 4.2x TP-Link Systems Inc. · SG2008 4.3x TP-Link Systems Inc. · SG2008P 3.2x TP-Link Systems Inc. · SG2008P 3.3x TP-Link Systems Inc. · SG2016P 1.2x TP-Link Systems Inc. · SG2016P 1.3x TP-Link Systems Inc. · SG2210MP 4.2x TP-Link Systems Inc. · SG2210MP 5.2x TP-Link Systems Inc. · SG2210MP 5.x TP-Link Systems Inc. · SG2210P 5.2x TP-Link Systems Inc. · SG2210P 5.3x TP-Link Systems Inc. · SG2210XMP-M2 1.x TP-Link Systems Inc. · SG2218 1.2x TP-Link Systems Inc. · SG2218 1.3x TP-Link Systems Inc. · SG2218P 1.2x TP-Link Systems Inc. · SG2218P 2.2x TP-Link Systems Inc. · SG2218P 2.x TP-Link Systems Inc. · SG2428LP 1.x TP-Link Systems Inc. · SG2428P 5.2x TP-Link Systems Inc. · SG2428P 5.3x TP-Link Systems Inc. · SG2452LP 1.x TP-Link Systems Inc. · SG3210 3.2x TP-Link Systems Inc. · SG3210 3.3x TP-Link Systems Inc. · SG3210XHP-M2 3.x TP-Link Systems Inc. · SG3210X-M2 1.2x TP-Link Systems Inc. · SG3210X-M2 1.x TP-Link Systems Inc. · SG3218XP-M2 1.x TP-Link Systems Inc. · SG3428 2.3x TP-Link Systems Inc. · SG3428 2.4x TP-Link Systems Inc. · SG3428MP 6.2x TP-Link Systems Inc. · SG3428MP 6.3x TP-Link Systems Inc. · SG3428X 1.3x TP-Link Systems Inc. · SG3428X 1.4x TP-Link Systems Inc. · SG3428XF 1.2x TP-Link Systems Inc. · SG3428XF 1.3x TP-Link Systems Inc. · SG3428X-M2 1.2x TP-Link Systems Inc. · SG3428XMP 3.2x TP-Link Systems Inc. · SG3428XMP 3.3x TP-Link Systems Inc. · SG3428XMPP 1.2x TP-Link Systems Inc. · SG3428XMPP 1.x TP-Link Systems Inc. · SG3428XPP-M2 1.2x TP-Link Systems Inc. · SG3452 1.2x TP-Link Systems Inc. · SG3452 1.3x TP-Link Systems Inc. · SG3452P 3.3x TP-Link Systems Inc. · SG3452P 3.4x TP-Link Systems Inc. · SG3452X 1.2x TP-Link Systems Inc. · SG3452X 1.3x TP-Link Systems Inc. · SG3452XMPP 1.x TP-Link Systems Inc. · SG3452XP 2.2x TP-Link Systems Inc. · SG3452XP 2.3x TP-Link Systems Inc. · SL2428P 6.2x TP-Link Systems Inc. · SX3008F 1.2x TP-Link Systems Inc. · SX3016F 1.2x TP-Link Systems Inc. · SX3016F 1.3x TP-Link Systems Inc. · SX3032F 1.x TP-Link Systems Inc. · SX3206HPP 1.20 TP-Link Systems Inc. · SX3832 1.x TP-Link Systems Inc. · SX3832MPP 1.x TP-Link Systems Inc. · TL-SG2428P 4.x TP-Link Systems Inc. · TL-SG3428MP 5.x TP-Link Systems Inc. · TL-SG3452P 3.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.omadanetworks.com/au/download/firmware/https://support.omadanetworks.com/en/download/firmware/https://support.omadanetworks.com/us/document/118794/https://support.omadanetworks.com/us/product/