CVE-2025-9289 (GCVE-0-2025-9289)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:48 – Updated: 2026-01-23 20:16
VLAI
Title
Cross-Site Scripting (XSS) on Omada Controllers
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.omadanetworks.com/us/download/ | patch |
| https://support.omadanetworks.com/us/document/114950/ | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Omada Software Controller |
Affected:
0 , < 6.0.0.24
(custom)
|
|
| TP-Link Systems Inc. | Omada OC200, OC220, OC300, OC400 |
Affected:
0 , < 6.0.0.34
(custom)
|
|
| TP-Link Systems Inc. | Omada cloud controller |
Affected:
0 , < 6.0.0.100
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:15:52.769770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:16:00.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Omada Software Controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada OC200, OC220, OC300, OC400",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada cloud controller",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "6.0.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:55:10.732Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://support.omadanetworks.com/us/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/us/document/114950/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) on Omada Controllers",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9289",
"datePublished": "2026-01-22T21:48:35.662Z",
"dateReserved": "2025-08-20T22:24:18.301Z",
"dateUpdated": "2026-01-23T20:16:00.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-9289",
"date": "2026-06-20",
"epss": "0.00173",
"percentile": "0.0697"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9289\",\"sourceIdentifier\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"published\":\"2026-01-22T22:16:15.787\",\"lastModified\":\"2026-03-16T18:06:44.293\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\u2019s browser, potentially exposing sensitive information and compromising confidentiality.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de cross-site scripting (XSS) fue identificada en un par\u00e1metro en los Controladores Omada debido a una sanitizaci\u00f3n de entrada inadecuada. La explotaci\u00f3n requiere condiciones avanzadas, como el posicionamiento en la red o la emulaci\u00f3n de una entidad de confianza, y la interacci\u00f3n del usuario por parte de un administrador autenticado. Si tiene \u00e9xito, un atacante podr\u00eda ejecutar JavaScript arbitrario en el navegador del administrador, exponiendo potencialmente informaci\u00f3n sensible y comprometiendo la confidencialidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tp-link:omada_controller:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"6.0.0.24\",\"matchCriteriaId\":\"3B623F6F-B033-44B4-9F50-97CE3C0F84E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tp-link:omada_controller:*:*:*:*:cloud:*:*:*\",\"versionEndExcluding\":\"6.0.0.100\",\"matchCriteriaId\":\"DB01AAAF-90A1-4DA2-8810-D5A02D11ABCC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:oc200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.37.9\",\"matchCriteriaId\":\"036DEE09-EB29-4F38-A472-181FE88A1EAC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc200:1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D994D0D1-FE36-4CB9-A641-CAAC8D643783\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:oc220_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.9\",\"matchCriteriaId\":\"1836F980-6E1F-4305-973E-AB34BD046CFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc220:1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"077DD2BF-32E3-434E-B040-9B4C48F419CA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:oc300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.31.9\",\"matchCriteriaId\":\"1188840C-7B7B-4D07-A4D4-DED7D02E2971\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc300:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E90417C-17A3-4D55-9764-4EF93D19B610\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:oc400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.9.9\",\"matchCriteriaId\":\"5B04AEC9-E614-4C99-98B5-568D845C3153\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc400:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15655343-B8B7-4C17-8F9B-E90823407861\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:oc200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.22.9\",\"matchCriteriaId\":\"4F791A1D-CF64-44C9-B17C-FF8632E3B6BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc200:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D6AE05-E5BE-41A6-B3ED-16C5B15BF2A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tp-link:omada_controller:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"6.0.0.34\",\"matchCriteriaId\":\"64544C00-6B20-4320-850B-B83F99D72BC6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc200:1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D994D0D1-FE36-4CB9-A641-CAAC8D643783\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc200:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D6AE05-E5BE-41A6-B3ED-16C5B15BF2A2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc220:1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"077DD2BF-32E3-434E-B040-9B4C48F419CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc300:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E90417C-17A3-4D55-9764-4EF93D19B610\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:oc400:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15655343-B8B7-4C17-8F9B-E90823407861\"}]}]}],\"references\":[{\"url\":\"https://support.omadanetworks.com/us/document/114950/\",\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.omadanetworks.com/us/download/\",\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Cross-Site Scripting (XSS) on Omada Controllers\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TP-Link Systems Inc.\", \"product\": \"Omada Software Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0.0.24\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\", \"Linux\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TP-Link Systems Inc.\", \"product\": \"Omada OC200, OC220, OC300, OC400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0.0.34\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"TP-Link Systems Inc.\", \"product\": \"Omada cloud controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0.0.100\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.omadanetworks.com/us/download/\", \"tags\": [\"patch\"]}, {\"url\": \"https://support.omadanetworks.com/us/document/114950/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\\u2019s browser, potentially exposing sensitive information and compromising confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator\\u2019s browser, potentially exposing sensitive information and compromising confidentiality.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f23511db-6c3e-4e32-a477-6aa17d310630\", \"shortName\": \"TPLink\", \"dateUpdated\": \"2026-01-22T21:55:10.732Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9289\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-23T20:15:52.769770Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-01-23T20:15:57.740Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9289\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-22T21:55:10.732Z\", \"dateReserved\": \"2025-08-20T22:24:18.301Z\", \"assignerOrgId\": \"f23511db-6c3e-4e32-a477-6aa17d310630\", \"datePublished\": \"2026-01-22T21:48:35.662Z\", \"assignerShortName\": \"TPLink\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…