CVE-2026-1668 - Vulnerability Details

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

SG2008P 3.2x

unaffected

Version	Status	Constraints
`0`	affected	< 3.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2008P 3.3x

unaffected

Version	Status	Constraints
`0`	affected	< 3.30.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SX3016F 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260129 Rel.8831

TP-Link Systems Inc.

SX3016F 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.16 Build 20260121 Rel.57953

TP-Link Systems Inc.

SG3428 2.4x

unaffected

Version	Status	Constraints
`0`	affected	< 2.40.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG3428XMP 3.3x

unaffected

Version	Status	Constraints
`0`	affected	< 3.30.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG3428X 1.4x

unaffected

Version	Status	Constraints
`0`	affected	< 1.40.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG3428XF 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG3452P 3.4x

unaffected

Version	Status	Constraints
`0`	affected	< 3.40.1 Build 20260128 Rel.7041

TP-Link Systems Inc.

SG3428MP 6.3x

unaffected

Version	Status	Constraints
`0`	affected	< 6.30.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG2218P 2.2x

unaffected

Version	Status	Constraints
`0`	affected	< 2.20.2 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG2016P 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG3452XP 2.3x

unaffected

Version	Status	Constraints
`0`	affected	< 2.30.1 Build 20260128 Rel.8721

TP-Link Systems Inc.

SG3428XMPP 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.1 Build 20260127 Rel.39545

TP-Link Systems Inc.

SG3452X 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260128 Rel.8721

TP-Link Systems Inc.

SG2008 4.3x

unaffected

Version	Status	Constraints
`0`	affected	< 4.30.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG3210 3.3x

unaffected

Version	Status	Constraints
`0`	affected	< 3.30.1 Build 20260206 Rel.33103

TP-Link Systems Inc.

SG2210MP 5.2x

unaffected

Version	Status	Constraints
`0`	affected	< 5.20.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG2210P 5.3x

unaffected

Version	Status	Constraints
`0`	affected	< 5.30.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG2218 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260127 Rel.32017

TP-Link Systems Inc.

SG3452 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.1 Build 20260128 Rel.7041

TP-Link Systems Inc.

SG3210X-M2 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.1 Build 20260129 Rel.13605

TP-Link Systems Inc.

SG2210XMP-M2 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.19 Build 20260121 Rel.53314

TP-Link Systems Inc.

SG2008 4.2x

unaffected

Version	Status	Constraints
`0`	affected	< 4.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2218P 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3210 3.2x

unaffected

Version	Status	Constraints
`0`	affected	< 3.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3428X-M2 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.18 Build 20260121 Rel.54271

TP-Link Systems Inc.

SX3832MPP 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.11 Build 20260121 Rel.56907

TP-Link Systems Inc.

SG2218 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SX3832 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.12 Build 20260121 Rel.56907

TP-Link Systems Inc.

SG2428LP 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.15 Build 20260121 Rel.53429

TP-Link Systems Inc.

SL2428P 6.2x

unaffected

Version	Status	Constraints
`0`	affected	< 6.20.18 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3218XP-M2 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.19 Build 20260121 Rel.53314

TP-Link Systems Inc.

SG3210XHP-M2 3.x

unaffected

Version	Status	Constraints
`0`	affected	< 3.0.21 Build 20260121 Rel.53314

TP-Link Systems Inc.

SG2218P 2.x

unaffected

Version	Status	Constraints
`0`	affected	< 2.0.14 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3210X-M2 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.19 Build 20260121 Rel.53314

TP-Link Systems Inc.

SG2428P 5.3x

unaffected

Version	Status	Constraints
`0`	affected	< 5.30.16 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2210MP 4.2x

unaffected

Version	Status	Constraints
`0`	affected	< 4.20.18 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3452P 3.3x

unaffected

Version	Status	Constraints
`0`	affected	< 3.30.17 Build 20260121 Rel.54132

TP-Link Systems Inc.

SG3452 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.17 Build 20260121 Rel.54132

TP-Link Systems Inc.

SG2452LP 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.13 Build 20260121 Rel.54132

TP-Link Systems Inc.

SX3032F 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.15 Build 20260121 Rel.56907

TP-Link Systems Inc.

SG3452X 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.18 Build 20260121 Rel.55833

TP-Link Systems Inc.

SG3452XMPP 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.15 Build 20260121 Rel.55833

TP-Link Systems Inc.

SG3428XPP-M2 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.19 Build 20260121 Rel.54271

TP-Link Systems Inc.

TL-SG3452P 3.0

unaffected

Version	Status	Constraints
`0`	affected	< 3.0.22 Build 20260121 Rel.54132

TP-Link Systems Inc.

SG2428P 5.2x

unaffected

Version	Status	Constraints
`0`	affected	< 5.20.20 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2210MP 5.x

unaffected

Version	Status	Constraints
`0`	affected	< 5.0.15 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2005P-PD 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.19 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2016P 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.17 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG3452XP 2.2x

unaffected

Version	Status	Constraints
`0`	affected	< 2.20.20 Build 20260121 Rel.55833

TP-Link Systems Inc.

SG3428XMP 3.2x

unaffected

Version	Status	Constraints
`0`	affected	< 3.20.21 Build 20260113 Rel.67732

TP-Link Systems Inc.

SG3428X 1.3x

unaffected

Version	Status	Constraints
`0`	affected	< 1.30.17 Build 20260113 Rel.67732

TP-Link Systems Inc.

SG3428XF 1.2x

unaffected

Version	Status	Constraints
`0`	affected	< 1.20.16 Build 20260113 Rel.67732

TP-Link Systems Inc.

SG3428MP 6.2x

unaffected

Version	Status	Constraints
`0`	affected	< 6.20.20 Build 20260113 Rel.67732

TP-Link Systems Inc.

TL-SG3428MP 5.x

unaffected

Version	Status	Constraints
`0`	affected	< 5.0.25 Build 20260113 Rel.67732

TP-Link Systems Inc.

SG3428 2.3x

unaffected

Version	Status	Constraints
`0`	affected	< 2.30.16 Build 20260113 Rel.67732

TP-Link Systems Inc.

SG3428XMPP 1.x

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.16 Build 20260113 Rel.67732

TP-Link Systems Inc.

TL-SG2428P 4.x

unaffected

Version	Status	Constraints
`0`	affected	< 4.0.26 Build 20260121 Rel.53429

TP-Link Systems Inc.

SG2210P 5.2x

unaffected

Version	Status	Constraints
`0`	affected	< 5.20.18 Build 20260121 Rel.53429

TP-Link Systems Inc.

SX3008F 1.2x

unaffected

Version	Status	Constraints
`0`	affected	—

TP-Link Systems Inc.

SX3206HPP 1.20

unaffected

Version	Status	Constraints
`0`	affected	—

No data.

Vendor Product Confidence Versions

Tp-link

Sg2005p-pd

100%

Version	Status	Scheme	Platform
`[0,1.0.19 Build 20260121 Rel.53429)`	affected	generic	['sg2005p-pd(un)_1.0', 'sg2005p-pd(un)_1.6']

Tp-link

Sg2008

100%

Version	Status	Scheme	Platform
`[0,4.30.1 Build 20260127 Rel.32017)`	affected	generic	['sg2008(un)_4.30', 'sg2008(un)_4.36']

Tp-link

Sg2008

100%

Version	Status	Scheme	Platform
`[0,4.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg2008(un)_4.20', 'sg2008(un)_4.26']

Tp-link

Sg2008p

100%

Version	Status	Scheme	Platform
`[0,3.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg2008p(un)_hardware_version_3.20', 'sg2008p(un)_hardware_version_3.26']

Tp-link

Sg2008p

100%

Version	Status	Scheme	Platform
`[0,3.30.1 Build 20260127 Rel.32017)`	affected	generic	['sg2008p(un)_hardware_version_3.30', 'sg2008p(un)_hardware_version_3.36', 'sg2008p(eu)_hardware_version_3.36']

Tp-link

Sg2016p

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260127 Rel.32017)`	affected	generic	['sg2016p(un)_1.30', 'sg2016p(un)_1.36']

Tp-link

Sg2016p

100%

Version	Status	Scheme	Platform
`[0,1.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg2016p(un)_1.20', 'sg2016p(un)_1.26']

Tp-link

Sg2210mp

100%

Version	Status	Scheme	Platform
`[0,5.20.1 Build 20260127 Rel.32017)`	affected	generic	['sg2210mp(un)_5.20', 'sg2210mp(in)_5.28', 'sg2210mp(eu)_5.26']

Tp-link

Sg2210mp

100%

Version	Status	Scheme	Platform
`[0,4.20.18 Build 20260121 Rel.53429)`	affected	generic	['sg2210mp(un)_4.20', 'sg2210mp(un)_4.26']

Tp-link

Sg2210mp

100%

Version	Status	Scheme	Platform
`[0,5.0.15 Build 20260121 Rel.53429)`	affected	generic	['sg2210mp(un)_5.0', 'sg2210mp(in)_5.8']

Tp-link

Sg2210p

100%

Version	Status	Scheme	Platform
`[0,5.30.1 Build 20260127 Rel.32017)`	affected	generic	['sg2210p(un)_5.30', 'sg2210p(un)_5.36', 'sg2210p(br)_5.36', 'sg2210p(in)_5.38', 'sg2210p(eu)_5.36']

Tp-link

Sg2210p

100%

Version	Status	Scheme	Platform
`[0,5.20.18 Build 20260121 Rel.53429)`	affected	generic	['sg2210p(un)_5.20', 'sg2210p(in)_5.28', 'sg2210p(un)_5.26']

Tp-link

Sg2210xmp

100%

Version	Status	Scheme	Platform
`[0,1.0.19 Build 20260121 Rel.53314)`	affected	generic	['sg2210xmp-m2(un)_1.0', 'sg2210xmp-m2(un)_1.6']

Tp-link

Sg2218

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260127 Rel.32017)`	affected	generic	['sg2218(un)_1.30', 'sg2218(un)_1.36']

Tp-link

Sg2218

100%

Version	Status	Scheme	Platform
`[0,1.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg2218(un)_1.20', 'sg2218(un)_1.26']

Tp-link

Sg2218p

100%

Version	Status	Scheme	Platform
`[0,2.20.2 Build 20260127 Rel.32017)`	affected	generic	['sg2218p(un)_2.20', 'sg2218p(un)_2.26']

Tp-link

Sg2218p

100%

Version	Status	Scheme	Platform
`[0,1.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg2218p(un)_1.20', 'sg2218p(un)_1.26']

Tp-link

Sg2218p

100%

Version	Status	Scheme	Platform
`[0,2.0.14 Build 20260121 Rel.53429)`	affected	generic	['sg2218p(un)_2.0', 'sg2218p(un)_2.6']

Tp-link

Sg2428lp

100%

Version	Status	Scheme	Platform
`[0,1.0.15 Build 20260121 Rel.53429)`	affected	generic	['sg2428lp(un)_1.0', 'sg2428lp(un)_1.6', 'sg2428lp(in)_1.8']

Tp-link

Sg2428p

100%

Version	Status	Scheme	Platform
`[0,5.30.16 Build 20260121 Rel.53429)`	affected	generic	['sg2428p(un)_5.30', 'sg2428p(un)_5.32', 'sg2428p(in)_5.33']

Tp-link

Sg2428p

100%

Version	Status	Scheme	Platform
`[0,5.20.20 Build 20260121 Rel.53429)`	affected	generic	['sg2428p(un)_5.20', 'sg2428p(un)_5.26']

Tp-link

Sg2452lp

100%

Version	Status	Scheme	Platform
`[0,1.0.13 Build 20260121 Rel.54132)`	affected	generic	['sg2452lp(un)_1.0', 'sg2452lp(un)_1.6', 'sg2452lp(in)_1.8']

Tp-link

Sg3210

100%

Version	Status	Scheme	Platform
`[0,3.30.1 Build 20260206 Rel.33103)`	affected	generic	['sg3210(un)_3.30', 'sg3210(un)_3.36', 'sg3210(in)_3.38']

Tp-link

Sg3210

100%

Version	Status	Scheme	Platform
`[0,3.20.17 Build 20260121 Rel.53429)`	affected	generic	['sg3210(un)_3.20', 'sg3210(in)_3.28', 'sg3210(un)_3.26']

Tp-link

Sg3210x-m2

100%

Version	Status	Scheme	Platform
`[0,1.20.1 Build 20260129 Rel.13605)`	affected	generic	['sg3210x-m2(un)_1.20', 'sg3210x-m2(un)_1.26']

Tp-link

Sg3210x-m2

100%

Version	Status	Scheme	Platform
`[0,1.0.19 Build 20260121 Rel.53314)`	affected	generic	['sg3210x-m2(un)_1.0', 'sg3210x-m2(un)_1.6']

Tp-link

Sg3210xhp-m2

100%

Version	Status	Scheme	Platform
`[0,3.0.21 Build 20260121 Rel.53314)`	affected	generic	['sg3210xhp-m2(un)_3.0', 'sg3210xhp-m2(in)3.8', 'sg3210xhp-m2(un)_3.6']

Tp-link

Sg3218xp-m2

100%

Version	Status	Scheme	Platform
`[0,1.0.19 Build 20260121 Rel.53314)`	affected	generic	['sg3218xp-m2(un)_1.0', 'sg3218xp-m2(un)_1.6']

Tp-link

Sg3428

100%

Version	Status	Scheme	Platform
`[0,2.40.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428(un)_2.40', 'sg3428(un)_2.46', 'sg3428(br)_2.46', 'sg3428(in)_2.48']

Tp-link

Sg3428

100%

Version	Status	Scheme	Platform
`[0,2.30.16 Build 20260113 Rel.67732)`	affected	generic	['sg3428(un)_2.30', 'sg3428(in)_2.33', 'sg3428(un)_2.32']

Tp-link

Sg3428mp

100%

Version	Status	Scheme	Platform
`[0,6.30.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428mp(un)_6.30', 'sg3428mp(un)_6.36', 'sg3428mp(br)_6.36', 'sg3428mp(in)_6.38', 'sg3428mp(eu)_6.36']

Tp-link

Sg3428mp

100%

Version	Status	Scheme	Platform
`[0,6.20.20 Build 20260113 Rel.67732)`	affected	generic	['sg3428mp(un)_6.20', 'sg3428mp(in)_6.28', 'sg3428mp(un)_6.26']

Tp-link

Sg3428x

100%

Version	Status	Scheme	Platform
`[0,1.40.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428x(un)_1.40', 'sg3428x(un)_1.46', 'sg3428x(eu)_1.46', 'sg3428x(in)_1.48']

Tp-link

Sg3428x

100%

Version	Status	Scheme	Platform
`[0,1.30.17 Build 20260113 Rel.67732)`	affected	generic	['sg3428x(un)_1.30', 'sg3428x(in)_1.33', 'sg3428x(un)_1.32']

Tp-link

Sg3428x-m2

100%

Version	Status	Scheme	Platform
`[0,1.20.18 Build 20260121 Rel.54271)`	affected	generic	['sg3428x-m2(un)_1.20', 'sg3428x-m2(un)_1.26']

Tp-link

Sg3428xf

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428xf(un)_1.30', 'sg3428xf(un)_1.36', 'sg3428xf(in)_1.38']

Tp-link

Sg3428xf

100%

Version	Status	Scheme	Platform
`[0,1.20.16 Build 20260113 Rel.67732)`	affected	generic	['sg3428xf(un)_1.20', 'sg3428xf(in)_1.28', 'sg3428xf(un)_1.26']

Tp-link

Sg3428xmp

100%

Version	Status	Scheme	Platform
`[0,3.30.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428xmp(un)_3.30', 'sg3428xmp(un)_3.36', 'sg3428xmp(eu)_3.36', 'sg3428xmp(in)_3.38']

Tp-link

Sg3428xmp

100%

Version	Status	Scheme	Platform
`[0,3.20.21 Build 20260113 Rel.67732)`	affected	generic	['sg3428xmp(un)_3.20', 'sg3428xmp(in)_3.28', 'sg3428xmp(un)_3.26']

Tp-link

Sg3428xmpp

100%

Version	Status	Scheme	Platform
`[0,1.20.1 Build 20260127 Rel.39545)`	affected	generic	['sg3428xmpp(un)_1.20', 'sg3428xmpp(un)_1.26']

Tp-link

Sg3428xmpp

100%

Version	Status	Scheme	Platform
`[0,1.0.16 Build 20260113 Rel.67732)`	affected	generic	['sg3428xmpp(un)_1.0', 'sg3428xmpp(in)_1.8', 'sg3428xmpp(un)_1.6']

Tp-link

Sg3428xpp-m2

100%

Version	Status	Scheme	Platform
`[0,1.20.19 Build 20260121 Rel.54271)`	affected	generic	['sg3428xpp-m2(un)_1.20', 'sg3428xpp-m2(un)_1.26']

Tp-link

Sg3452

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260128 Rel.7041)`	affected	generic	['sg3452(un)_1.30', 'sg3452(un)_1.36', 'sg3452(in)_1.38']

Tp-link

Sg3452

100%

Version	Status	Scheme	Platform
`[0,1.20.17 Build 20260121 Rel.54132)`	affected	generic	['sg3452(un)_1.20', 'sg3452(in)_1.28', 'sg3452(un)_1.26']

Tp-link

Sg3452p

100%

Version	Status	Scheme	Platform
`[0,3.40.1 Build 20260128 Rel.7041)`	affected	generic	['sg3452p(un)_3.40', 'sg3452p(un)_3.46', 'sg3452p(in)_3.48']

Tp-link

Sg3452p

100%

Version	Status	Scheme	Platform
`[0,3.30.17 Build 20260121 Rel.54132)`	affected	generic	['sg3452p(un)_3.30', 'sg3452p(in)_3.33', 'sg3452p(un)_3.32']

Tp-link

Sg3452x

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260128 Rel.8721)`	affected	generic	['sg3452x(un)_1.30', 'sg3452x(un)_1.36', 'sg3452x(in)_1.38']

Tp-link

Sg3452x

100%

Version	Status	Scheme	Platform
`[0,1.20.18 Build 20260121 Rel.55833)`	affected	generic	['sg3452x(un)_1.20', 'sg3452x(un)_1.26']

Tp-link

Sg3452xmpp

100%

Version	Status	Scheme	Platform
`[0,1.0.15 Build 20260121 Rel.55833)`	affected	generic	['sg3452xmpp(un)_1.0', 'sg3452xmpp(un)_1.6', 'sg3452xmpp(in)_1.8']

Tp-link

Sg3452xp

100%

Version	Status	Scheme	Platform
`[0,2.30.1 Build 20260128 Rel.8721)`	affected	generic	['sg3452xp(un)_2.30', 'sg3452xp(un)_2.36', 'sg3452xp(in)_2.38']

Tp-link

Sg3452xp

100%

Version	Status	Scheme	Platform
`[0,2.20.20 Build 20260121 Rel.55833)`	affected	generic	['sg3452xp(un)_2.20', 'sg3452xp(un)_2.26']

Tp-link

Sl2428p

100%

Version	Status	Scheme	Platform
`[0,6.20.18 Build 20260121 Rel.53429)`	affected	generic	['sl2428p(un)_6.20', 'sl2428p(un)_6.26']

Tp-link

Sx3008f

100%

Version	Status	Scheme	Platform
`—`	affected	—	['sx3008f(un)_1.20', 'sx3008f(in)1.28', 'sx3008f(un)_1.26']

Tp-link

Sx3016f

100%

Version	Status	Scheme	Platform
`[0,1.30.1 Build 20260129 Rel.8831)`	affected	generic	['sx3016f(un)_hardware_version_1.30', 'sx3016f(un)_hardware_version_1.36', 'sx3016f(in)_hardware_version_1.38']

Tp-link

Sx3016f

100%

Version	Status	Scheme	Platform
`[0,1.20.16 Build 20260121 Rel.57953)`	affected	generic	['sx3016f(un)_hardware_version_1.20', 'sx3016f(un)_hardware_version_1.26', 'sx3016f(in)_hardware_version_1.28']

Tp-link

Sx3032f

100%

Version	Status	Scheme	Platform
`[0,1.0.15 Build 20260121 Rel.56907)`	affected	generic	['sx3032f(un)_1.0', 'sx3032f(un)_1.6']

Tp-link

Sx3206hpp

100%

Version	Status	Scheme	Platform
`—`	affected	—	['sx3206hpp(un)_1.20']

Tp-link

Sx3832

100%

Version	Status	Scheme	Platform
`[0,1.0.12 Build 20260121 Rel.56907)`	affected	generic	['sx3832(un)_1.0', 'sx3832(un)_1.6']

Tp-link

Sx3832mpp

100%

Version	Status	Scheme	Platform
`[0,1.0.11 Build 20260121 Rel.56907)`	affected	generic	['sx3832mpp(un)_1.0', 'sx3832mpp(un)_1.6']

Tp-link

Tl-sg2428p

100%

Version	Status	Scheme	Platform
`[0,4.0.26 Build 20260121 Rel.53429)`	affected	generic	['tl-sg2428p(un)_4.0', 'tl-sg2428p(un)_4.6']

Tp-link

Tl-sg3428mp

100%

Version	Status	Scheme	Platform
`[0,5.0.25 Build 20260113 Rel.67732)`	affected	generic	['tl-sg3428mp(un)_5.0', 'tl-sg3428mp(un)_5.6', 'tl-sg3428mp(un)_5.20', 'tl-sg3428mp(un)_5.26']

Tp-link

Tl-sg3452p

100%

Version	Status	Scheme	Platform
`[0,3.0.22 Build 20260121 Rel.54132)`	affected	generic	['tl-sg3452p(un)_3.0']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Project Subscriptions

Vendors	Products
Tp-link Subscribe	Sg2005p-pd Subscribe Sg2008 Subscribe Sg2008p Subscribe Sg2016p Subscribe Sg2210mp Subscribe Sg2210p Subscribe Sg2210xmp Subscribe Sg2218 Subscribe Sg2218p Subscribe Sg2428lp Subscribe Sg2428p Subscribe Sg2452lp Subscribe Sg3210 Subscribe Sg3210x-m2 Subscribe Sg3210xhp-m2 Subscribe Sg3218xp-m2 Subscribe Sg3428 Subscribe Sg3428mp Subscribe Sg3428x Subscribe Sg3428x-m2 Subscribe Sg3428xf Subscribe Sg3428xmp Subscribe Sg3428xmpp Subscribe Sg3428xpp-m2 Subscribe Sg3452 Subscribe Sg3452p Subscribe Sg3452x Subscribe Sg3452xmpp Subscribe Sg3452xp Subscribe Sl2428p Subscribe Sx3008f Subscribe Sx3016f Subscribe Sx3032f Subscribe Sx3206hpp Subscribe Sx3832 Subscribe Sx3832mpp Subscribe Tl-sg2428p Subscribe Tl-sg3428mp Subscribe Tl-sg3452p Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.omadanetworks.com/au/download/firmware/
https://support.omadanetworks.com/en/download/firmware/
https://support.omadanetworks.com/us/document/118794/
https://support.omadanetworks.com/us/product/

History

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link sg2005p-pd Tp-link sg2008 Tp-link sg2008p Tp-link sg2016p Tp-link sg2210mp Tp-link sg2210p Tp-link sg2210xmp Tp-link sg2218 Tp-link sg2218p Tp-link sg2428lp Tp-link sg2428p Tp-link sg2452lp Tp-link sg3210 Tp-link sg3210x-m2 Tp-link sg3210xhp-m2 Tp-link sg3218xp-m2 Tp-link sg3428 Tp-link sg3428mp Tp-link sg3428x Tp-link sg3428x-m2 Tp-link sg3428xf Tp-link sg3428xmp Tp-link sg3428xmpp Tp-link sg3428xpp-m2 Tp-link sg3452 Tp-link sg3452p Tp-link sg3452x Tp-link sg3452xmpp Tp-link sg3452xp Tp-link sl2428p Tp-link sx3008f Tp-link sx3016f Tp-link sx3032f Tp-link sx3206hpp Tp-link sx3832 Tp-link sx3832mpp Tp-link tl-sg2428p Tp-link tl-sg3428mp Tp-link tl-sg3452p
Vendors & Products		Tp-link Tp-link sg2005p-pd Tp-link sg2008 Tp-link sg2008p Tp-link sg2016p Tp-link sg2210mp Tp-link sg2210p Tp-link sg2210xmp Tp-link sg2218 Tp-link sg2218p Tp-link sg2428lp Tp-link sg2428p Tp-link sg2452lp Tp-link sg3210 Tp-link sg3210x-m2 Tp-link sg3210xhp-m2 Tp-link sg3218xp-m2 Tp-link sg3428 Tp-link sg3428mp Tp-link sg3428x Tp-link sg3428x-m2 Tp-link sg3428xf Tp-link sg3428xmp Tp-link sg3428xmpp Tp-link sg3428xpp-m2 Tp-link sg3452 Tp-link sg3452p Tp-link sg3452x Tp-link sg3452xmpp Tp-link sg3452xp Tp-link sl2428p Tp-link sx3008f Tp-link sx3016f Tp-link sx3032f Tp-link sx3206hpp Tp-link sx3832 Tp-link sx3832mpp Tp-link tl-sg2428p Tp-link tl-sg3428mp Tp-link tl-sg3452p

Fri, 13 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 13 Mar 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.
Title		Input Validation Vulnerability on Multiple Omada Switches
Weaknesses		CWE-20
References		https://support.omadanetworks.com/au/download/firmware/ https://support.omadanetworks.com/en/download/firmware/ https://support.omadanetworks.com/us/document/118794/ https://support.omadanetworks.com/us/product/
Metrics		cvssV4_0 `{'score': 7.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-03-13T16:53:23.486Z

Updated: 2026-03-13T18:09:29.873Z

Reserved: 2026-01-29T21:44:58.903Z

Link: CVE-2026-1668

Vulnrichment

Updated: 2026-03-13T18:09:24.096Z

NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:58.160

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-1668

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-16T09:25:01Z

Weaknesses

CWE-20

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object