Multiple TP-Link Omada Vulnerabilities found

Several vulnerabilities have been found in the TP-Link Omada system, which is a popular software-defined networking solution for small to medium-sized businesses. The vulnerabilities could let attackers run code from a distance, causing serious security issues.

The affected devices are wireless access points, routers, switches, VPN devices, and hardware controllers for the Omada software.

• Alert
• Vulnerabilities

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

By infosecbulletin / Wednesday , January 22 2025

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...

Read More

• Daily Security Update

Daily Security Update Dated: 21.01.2025

By infosecbulletin / Tuesday , January 21 2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...

Read More

• Uncategorized

126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

By infosecbulletin / Tuesday , January 21 2025

Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical...

Read More

• Uncategorized

CERT-UA alerts about “security audit” requests through AnyDesk

By infosecbulletin / Tuesday , January 21 2025

Attackers are pretending to be Ukraine's Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are...

Read More

• Uncategorized

Oracle Critical Pre-Release update addressed 320 flaw

By infosecbulletin / Tuesday , January 21 2025

Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this...

Read More

• Hot Topic

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

By infosecbulletin / Tuesday , January 21 2025

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the...

Read More

• Alert
• Vulnerabilities

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

By infosecbulletin / Monday , January 20 2025

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...

Read More

• Uncategorized

Intel holds 22 employees from one Bangladeshi University

By infosecbulletin / Monday , January 20 2025

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...

Read More

• Uncategorized

VPN Surge 1500% in USA after TikTok Shut Down

By infosecbulletin / Sunday , January 19 2025

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....

Read More

• International

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

By infosecbulletin / Saturday , January 18 2025

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...

Read More

Vulnerability Details:

Identified Vulnerabilities

Twelve unique vulnerabilities were identified and reported to the vendor following our responsible disclosure policy.

Talos ID CVE(s)
TALOS-2023-1888 CVE-2023-49906–CVE-2023-49913
TALOS-2023-1864 CVE-2023-48724
TALOS-2023-1862 CVE-2023-49133–CVE-2023-49134
TALOS-2023-1861 CVE-2023-49074
TALOS-2023-1859 CVE-2023-47618
TALOS-2023-1858 CVE-2023-47617
TALOS-2023-1857 CVE-2023-46683
TALOS-2023-1856 CVE-2023-42664
TALOS-2023-1855 CVE-2023-47167
TALOS-2023-1854 CVE-2023-47209
TALOS-2023-1853 CVE-2023-36498
TALOS-2023-1850 CVE-2023-43482

Cisco Talos found twelve vulnerabilities in the TP-Link Omada system. The vendor was informed about these vulnerabilities following a responsible disclosure policy. The affected devices are:

EAP 115 and EAP 225 wireless access points
ER7206 gigabit VPN router
Omada software controller

To read out the full report click here.