CVE & CISA-KEV Catalog

CVE-2025-9290

Severity: MEDIUM, CVSS v3 base score 5.9 (NVD)

Description

An authentication weakness was identified in controller-device adoption for Omada Controllers, Gateways and Access Points, caused by improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

How to fix

Remediation Available

Affected and fixed versions for CVE-2025-9290, derived from NVD:

beam bridge 5 ur firmware: Affected < 1.1.5, Fixed in 1.1.5
dr3220v-4g firmware: Affected < 1.1.0, Fixed in 1.1.0
dr3650v-4g firmware: Affected < 1.1.0, Fixed in 1.1.0
dr3650v firmware: Affected < 1.1.0, Fixed in 1.1.0
eap100-bridge kit firmware: Affected < 1.0.3, Fixed in 1.0.3
eap211 bridge kit firmware: Affected < 1.1.4, Fixed in 1.1.4
eap215 bridge kit firmware: Affected < 1.1.4, Fixed in 1.1.4
eap230-wall firmware: Affected < 3.3.1, Fixed in 3.3.1
eap235-wall firmware: Affected < 3.3.1, Fixed in 3.3.1
eap603-outdoor firmware: Affected < 1.5.1, Fixed in 1.5.1
eap603gp-desktop firmware: Affected < 1.1.0, Fixed in 1.1.0
eap610-outdoor firmware: Affected < 1.6.1, Fixed in 1.6.1
eap610 firmware: Affected < 1.6.1, Fixed in 1.6.1
eap610gp-desktop firmware: Affected < 1.1.0, Fixed in 1.1.0
eap615-wall firmware: Affected < 1.1.0, Fixed in 1.1.0
eap615gp-wall firmware: Affected < 1.1.0, Fixed in 1.1.0
eap620 hd firmware: Affected < 1.6.1, Fixed in 1.6.1
eap623-outdoor hd firmware: Affected < 1.6.1, Fixed in 1.6.1
eap625-outdoor hd firmware: Affected < 1.6.1, Fixed in 1.6.1
eap625gp-wall firmware: Affected < 1.1.0, Fixed in 1.1.0
eap650-desktop firmware: Affected < 1.1.0, Fixed in 1.1.0
eap650-outdoor firmware: Affected < 1.3.3, Fixed in 1.3.3
eap650gp-desktop firmware: Affected < 1.0.1, Fixed in 1.0.1
eap653 firmware: Affected < 1.3.3, Fixed in 1.3.3
eap653 ur firmware: Affected < 1.4.2, Fixed in 1.4.2
eap655-wall firmware: Affected < 1.6.2, Fixed in 1.6.2
eap660 hd firmware: Affected < 1.6.1, Fixed in 1.6.1
eap720 firmware: Affected < 1.1.2, Fixed in 1.1.2
eap723 firmware: Affected < 1.1.2, Fixed in 1.1.2
eap725-wall firmware: Affected < 1.1.2, Fixed in 1.1.2
eap770 firmware: Affected < 1.3.2, Fixed in 1.3.2
eap772-outdoor firmware: Affected < 1.3.2, Fixed in 1.3.2
eap772 firmware: Affected < 1.1.2, Fixed in 1.1.2
eap773 firmware: Affected < 1.1.2, Fixed in 1.1.2
eap783 firmware: Affected < 1.1.2, Fixed in 1.1.2
eap787 firmware: Affected < 1.1.2, Fixed in 1.1.2
er605 firmware: Affected < 2.3.2, Fixed in 2.3.2
er605w firmware: Affected < 2.0.2, Fixed in 2.0.2
er701-5g-outdoor firmware: Affected < 1.0.0, Fixed in 1.0.0
er703wp-4g-outdoor firmware: Affected < 1.1.0, Fixed in 1.1.0
er706w-4g firmware: Affected < 2.1.0, Fixed in 2.1.0
er706w firmware: Affected < 1.2.1, Fixed in 1.2.1
er706wp-4g firmware: Affected < 1.1.0, Fixed in 1.1.0
er707-m2 firmware: Affected < 1.3.1, Fixed in 1.3.1
er7206 firmware: Affected < 2.2.2, Fixed in 2.2.2
er7212pc firmware: Affected < 2.2.1, Fixed in 2.2.1
er7406 firmware: Affected < 1.2.2, Fixed in 1.2.2
er7412-m2 firmware: Affected < 1.1.0, Fixed in 1.1.0
er8411 firmware: Affected < 1.3.5, Fixed in 1.3.5
fr365 firmware: Affected < 1.1.10, Fixed in 1.1.10
g36w-4g firmware: Affected < 1.1.5, Fixed in 1.1.5
oc200 firmware: Affected < 2.22.9, Fixed in 2.22.9
oc220 firmware: Affected < 1.1.3, Fixed in 1.1.3
oc300 firmware: Affected < 1.31.9, Fixed in 1.31.9
oc400 firmware: Affected < 1.9.9, Fixed in 1.9.9
omada controller: Affected < 5.15.24, Fixed in 5.15.24
omada controller: Affected < 6.0.0.100, Fixed in 6.0.0.100

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.20% probability of exploitation in 30 days
10th percentile

Low risk: more likely to be exploited than 10% of all known CVEs.

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-16.