ГлавнаяУязвимости → CVE-2026-1668
9.8критическая

CVE-2026-1668

Описание

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Затрагиваемое ПО
Tp-link Omada sg2005p-pd firmwareTp-link Omada sg2005p-pdTp-link Omada sg2008 firmwareTp-link Omada sg2008Tp-link Omada sg2008p firmwareTp-link Omada sg2008pTp-link Omada sg2016p firmwareTp-link Omada sg2016pTp-link Omada sg2210mp firmwareTp-link Omada sg2210mpTp-link Omada sg2210p firmwareTp-link Omada sg2210pTp-link Omada sg2210xmp-m2 firmwareTp-link Omada sg2210xmp-m2Tp-link Omada sg2218 firmwareTp-link Omada sg2218Tp-link Omada sg2218p firmwareTp-link Omada sg2218pTp-link Omada sg2428lp firmwareTp-link Omada sg2428lpTp-link Omada sg2428p firmwareTp-link Omada sg2428pTp-link Omada sg2452lp firmwareTp-link Omada sg2452lpTp-link Omada sg3210 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://support.omadanetworks.com/au/download/firmware/https://support.omadanetworks.com/en/download/firmware/https://support.omadanetworks.com/us/document/118794/https://support.omadanetworks.com/us/product/